CVE Catalog

CVE-2026-46657

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

21th percentile - higher than 21% of all known CVEs

Summary

Bludit is a content management system that has a vulnerability in user management logic in versions prior to 3.22.0. It allows deactivated accounts to maintain access via persistent authentication tokens.

Risk Assessment

The organization may be exposed to unauthorized access to deactivated user accounts, potentially leading to data breaches or other security incidents.

Recommendation

It is recommended to upgrade to version 3.22.0 to eliminate this vulnerability and ensure that authentication tokens are invalidated when accounts are deactivated.

Original NVD description (English source)

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear the associated tokenAuth and tokenRemember fields in the JSON database. Consequently, any user with a pre-existing "Remember Me" cookie can bypass the account disablement and maintain a valid authenticated state. Version 3.22.0 patches the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS