CVE Catalog

CVE-2026-34408

Critical
Published: Translated: NVD NIST

Summary

An issue was discovered in Gambio version 4.9.2.0 that allows the password reset function to be bypassed, enabling arbitrary passwords to be set for arbitrary accounts if the account ID is known.

Risk Assessment

The organization may be exposed to unauthorized access to user accounts, potentially leading to data loss or privacy breaches.

Recommendation

It is recommended to update to Gambio version 4.9.2.0 or later to patch this vulnerability and to monitor user accounts for unauthorized changes.

Original NVD description (English source)

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS