← Back

CVE-2026-4208

nvd nist
Published: Mar 17, 2026Modified: Apr 25, 2026

JSON object

Loading...
7.7
Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: f4fb688c-4412-4426-b4b8-421ecf27b14a (Secondary)

Description

The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider.

Affected (2)

Products: Mrsilaz: Mfa Mail
Mrsilaz
1 product
Mfa Mail
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Mrsilaz
Mfa Mail
Before 1.0.7
Mfa Mail
Version 2.0.0

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

Source: f4fb688c-4412-4426-b4b8-421ecf27b14a
Vendor Advisory

Timeline

No history available yet.