CVE-2025-70948 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account take…
Critical CVSS: 9.3

CVE-2025-70948

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.
Vendor
-
Product
-
CWE
CWE-644
Yayın Tarihi
2026-03-05 21:16:13
Güncelleme
2026-03-09 13:36:08
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-644 CRITICAL 2026

Referanslar

https://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e https://github.com/perfood/couch-auth https://www.npmjs.com/package/@perfood/couch-auth