Unauthorized Password Reset in Feiyuchuixue's Sz-Boot-Parent up to Version 1.3.2-Beta

CVE-2026-3186

What is CVE-2026-3186?

A security vulnerability was discovered in the Sz-Boot-Parent component by Feiyuchuixue, specifically affecting versions up to 1.3.2-beta. This vulnerability allows attackers to exploit an inadequate validation mechanism associated with the password reset functionality, where the argument userId may be manipulated. As a direct result of this exploitation, attackers could set passwords to defaults, thereby gaining unauthorized access to accounts. The flaw can be exploited remotely, making it essential for users to upgrade to version 1.3.3-beta, which incorporates a new authorization validation protocol. This update ensures that only users with the required permissions can execute password reset actions, mitigating the associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References