CVE Catalog
CVE-2026-34408
CriticalSummary
An issue was discovered in Gambio version 4.9.2.0 that allows the password reset function to be bypassed, enabling arbitrary passwords to be set for arbitrary accounts if the account ID is known.
Risk Assessment
The organization may be exposed to unauthorized access to user accounts, potentially leading to data loss or privacy breaches.
Recommendation
It is recommended to update to Gambio version 4.9.2.0 or later to patch this vulnerability and to monitor user accounts for unauthorized changes.
Original NVD description (English source)
An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

