CVE-2026-26185 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the pas…
Medium CVSS: 5.3

CVE-2026-26185

Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an invalid reset_url parameter is provided, the response time differs by approximately 500ms between existing and non-existing users, enabling reliable user enumeration. This vulnerability is fixed in 11.14.1.
Vendor
Monospace
Product
Directus
CWE
CWE-203
Yayın Tarihi
2026-02-12 22:16:07
Güncelleme
2026-02-20 21:09:03
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-203 Directus MEDIUM Monospace 2026

Referanslar

https://github.com/directus/directus/commit/e69aa7a5248c6e3e822cb1ac354dee295df90b2a https://github.com/directus/directus/pull/26485 https://github.com/directus/directus/releases/tag/v11.14.1 https://github.com/directus/directus/security/advisories/GHSA-jr94-gj3h-c8rf