← Back

CVE-2026-26744

nvd nist
Published: Feb 19, 2026Modified: Feb 26, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are registered in the system through observable response discrepancy.

Affected (1)

Products: Formalms: Formalms
Formalms
1 product
Formalms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Formalms
Up to 4.1.18

Related CWEs

CWE-204
Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

References (2)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Third Party Advisory

Timeline

No history available yet.