Authentication Bypass Vulnerability in blueprintUE Tool for Unreal Engine Developers
CVE-2026-40586

7.5HIGH

Key Information:

Vendor: Blueprintue
Status: Blueprintue-self-hosted-edition
Vendor: CVE Published:; 21 April 2026

🔔 Create Blueprintue Vulnerability Alert

What is CVE-2026-40586?

The blueprintUE tool, designed for Unreal Engine developers, contains a significant vulnerability that allows attackers to perform unlimited login attempts without any form of throttling. This lack of IP-based rate limiting and failure counters exposes users to dictionary attacks, credential stuffing, and targeted login attempts against accounts using easily guessable passwords. The security flaw persists in versions prior to 4.2.0, but it has been addressed in the latest release. To ensure the safety of your application and user credentials, it is vital to update to version 4.2.0 or later.

Affected Version(s)

blueprintue-self-hosted-edition < 4.2.0

References

https://github.com/blueprintue/blueprintue-self-hosted-ed...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-40586 Data

JSON