CVE-2026-1836 | THREATINT

Description

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

PUBLISHED Reserved 2026-02-03 | Published 2026-06-12 | Updated 2026-06-12 | Assigner INCIBE

MEDIUM: 5.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-257 Storing passwords in a recoverable format

Product status

Default status

unaffected

Any version before 6.0.7

affected

Any version before 5.1.10

affected

Any version before 5.0.14

affected

6.0.7

unaffected

5.1.10

unaffected

5.0.14

unaffected

References

www.incibe.es/...rt/notices/aviso/stored-credentials-redmine patch

cve.org (CVE-2026-1836)

nvd.nist.gov (CVE-2026-1836)

Download JSON