Home

Description

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

PUBLISHED Reserved 2026-03-27 | Published 2026-05-05 | Updated 2026-05-06 | Assigner mitre

References

www.gambio.de/...-v1-0-fuer-gx4-v4-0-0-0-bis-v4-9-2-0.50896/

herolab.usd.de/security-advisories/usd-2024-0002/

cve.org (CVE-2026-34408)

nvd.nist.gov (CVE-2026-34408)

Download JSON