CVE 9.1 CRITICAL

CVE-2026-34408_CVE-2026-34408

May 6, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

AI Analysis

Password reset function bypass vulnerability

Basic Information

ID CVE-2026-34408

Source mitre

Published May 5, 2026 at 00:00

Modified May 6, 2026 at 17:35

Affected Product

Vendor Gambio

Product Gambio GX4

Version 4.0.0.0 to 4.9.2.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-640

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Gambio

Product Gambio GX4

Version 4.0.0.0 to 4.9.2.0

References

{
    "lastseen": "",
    "description": "An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.",
    "published": "2026-05-05T00:00:00.000Z",
    "modified": "2026-05-06T17:35:30.322Z",
    "type": "cve",
    "title": "CVE-2026-34408",
    "source": "mitre",
    "references": "https://www.gambio.de/forum/threads/wichtiges-security-update-2024-02-v1-0-fuer-gx4-v4-0-0-0-bis-v4-9-2-0.50896/\nhttps://herolab.usd.de/security-advisories/usd-2024-0002/",
    "id": "CVE-2026-34408",
    "bulletinFamily": "",
    "cwe": [
        "CWE-640"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Gambio GX4",
    "version": "4.0.0.0 to 4.9.2.0",
    "vendor": "Gambio",
    "ai_description": "Password reset function bypass vulnerability",
    "ai_severity": "Critical",
    "ai_vendor": "Gambio",
    "ai_product": "Gambio GX4",
    "ai_version": "4.0.0.0 to 4.9.2.0",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply