CVE-2026-3186

· Published 25/02/2026 14:16 · Modified 26/02/2026 15:53

Labels: CVE-2026-3186, 2026-02-25, CWE-1393, [email protected]

Essential information

Published: 25/02/2026 14:16
Modified: 26/02/2026 15:53
CVSS: 5.3 MEDIUM (v3), 5.3 MEDIUM (v4.0)
CISA KEV: No

Description

A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. It affects an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. Manipulating the argument userId causes use of a default password. The attack may be initiated remotely. The exploit has been publicly disclosed and may be used. Upgrading to version 1.3.3-beta addresses this issue. Patch name: aefaabfd7527188bfba3c8c9eee17c316d094802. It is suggested to upgrade the affected component. The project was informed beforehand and acted very professionally: "We have added authorization validation to the password reset interface; now only users with the corresponding permissions are allowed to perform password resets."

NVD status

Status: Analyzed — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product  CPE
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:*:*:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.0.0:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.0.1:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.0.2:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.1.0:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.2.0:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.2.1:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.2.2:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.2.3:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.2.4:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.2.5:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.2.6:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.3.0:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.3.1:beta:*:*:*:*:*:*
szadmin / sz-boot-parent cpe:2.3:a:szadmin:sz-boot-parent:1.3.2:beta:*:*:*:*:*:*

References