FKIE_CVE-2026-26273

Vulnerability from fkie_nvd - Published: 2026-02-13 22:16 - Updated: 2026-06-17 10:26
Severity
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox. This vulnerability is fixed in 1.6.3.
References
security-advisories@github.comhttps://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66aPatch
security-advisories@github.comhttps://github.com/idno/known/releases/tag/1.6.3Product, Release Notes
security-advisories@github.comhttps://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28rExploit, Vendor Advisory
Impacted products
Vendor Product Version
withknown known *
To clipboard 

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "known",
          "vendor": "idno",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.3"
            }
          ]
        }
      ],
      "source": "security-advisories@github.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:withknown:known:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12596360-0063-45F0-ADAE-20BDFEA8FABA",
              "versionEndExcluding": "1.6.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user\u0027s email, leading to full Account Takeover (ATO) without requiring access to the victim\u0027s email inbox. This vulnerability is fixed in 1.6.3."
    },
    {
      "lang": "es",
      "value": "Known es una plataforma de publicaci\u00f3n social. Antes de 1.6.3, existe una vulnerabilidad cr\u00edtica de autenticaci\u00f3n rota en Known 1.6.2 y versiones anteriores. La aplicaci\u00f3n filtra el token de restablecimiento de contrase\u00f1a dentro de un campo de entrada HTML oculto en la p\u00e1gina de restablecimiento de contrase\u00f1a. Esto permite a cualquier atacante no autenticado recuperar el token de restablecimiento para cualquier usuario simplemente consultando el correo electr\u00f3nico del usuario, lo que lleva a una toma de control total de la cuenta (ATO) sin requerir acceso a la bandeja de entrada de correo electr\u00f3nico de la v\u00edctima. Esta vulnerabilidad est\u00e1 corregida en 1.6.3."
    }
  ],
  "id": "CVE-2026-26273",
  "lastModified": "2026-06-17T10:26:01.490",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-26273",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-02-17T20:00:43.160262Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-02-13T22:16:11.330",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Release Notes"
      ],
      "url": "https://github.com/idno/known/releases/tag/1.6.3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.