Loading market data...
← Back to CVE feed

CVE-2026-47181

UNKNOWN View on NVD ↗

Description

PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of an account, leading to full account takeover. An attacker only needs a registered account and a valid password reset token for their own account. This issue has been patched in version 1.0.0.

Published: Jun 11, 2026 19:16 UTC Modified: Jun 11, 2026 20:58 UTC