Improper Access Control in Hashtopolis Server Web-Interface
CVE-2026-22104

7.1HIGH

Key Information:

Status
Vendor
CVE Published:
17 July 2026

What is CVE-2026-22104?

The Hashtopolis server has a vulnerability in its web-interface chunk activity component, which allows accounts created prior to version 0.14.8 to access and read all cracked hashes stored on the server. This security flaw arises from inadequate access controls, leading to significant data exposure risks for user credentials and sensitive information.

Affected Version(s)

server 0 < 0.14.8

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mateo Hahn, Bureau Veritas Cybersecurity
Wessel Baltus (DIVD)
Max van der Horst (DIVD)
Victor Pasman (DIVD)
.