CVE-2026-46657
7.1 HIGHBludit is a content management system
Published: 2026-06-08 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
- CWE
- CWE-212, CWE-613
Description
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear the associated tokenAuth and tokenRemember fields in the JSON database. Consequently, any user with a pre-existing "Remember Me" cookie can bypass the account disablement and maintain a valid authenticated state. Version 3.22.0 patches the issue.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-46656 — Bludit is a content management system (8.8 HIGH)
- CVE-2026-46401 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-36178 — The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition,... (4.6 MEDIUM)
- CVE-2026-48726 — A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: t... (6.5 MEDIUM)
- CVE-2026-44648 — SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generat... (7.5 HIGH)