Security Issue in Password Pusher Allows Unauthenticated File Push Creation
CVE-2026-41308

6.5MEDIUM

Key Information:

Vendor

Pglombardo

Vendor
CVE Published:
8 May 2026

What is CVE-2026-41308?

An issue in Password Pusher prior to versions 1.69.3 and 2.4.2 allows the unauthenticated creation of file-type pushes via a generic JSON API create path. This vulnerability can potentially bypass authentication protocols, leading to unauthorized access. The issue has been rectified in the latest versions, ensuring enhanced security for users managing sensitive information.

Affected Version(s)

PasswordPusher < 1.69.3 < 1.69.3

PasswordPusher >= 2.0.0-a, < 2.4.2 < 2.0.0-a, 2.4.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.