CVE-2026-46657
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
Bludit is a content management system that has a vulnerability in user management logic in versions prior to 3.22.0. It allows deactivated accounts to maintain access via persistent authentication tokens.
Risk Assessment
The organization may be exposed to unauthorized access to deactivated user accounts, potentially leading to data breaches or other security incidents.
Recommendation
It is recommended to upgrade to version 3.22.0 to eliminate this vulnerability and ensure that authentication tokens are invalidated when accounts are deactivated.
Original NVD description (English source)
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear the associated tokenAuth and tokenRemember fields in the JSON database. Consequently, any user with a pre-existing "Remember Me" cookie can bypass the account disablement and maintain a valid authenticated state. Version 3.22.0 patches the issue.

