Security Issue in Password Pusher Allows Unauthenticated File Push Creation
CVE-2026-41308
6.5MEDIUM
What is CVE-2026-41308?
An issue in Password Pusher prior to versions 1.69.3 and 2.4.2 allows the unauthenticated creation of file-type pushes via a generic JSON API create path. This vulnerability can potentially bypass authentication protocols, leading to unauthorized access. The issue has been rectified in the latest versions, ensuring enhanced security for users managing sensitive information.
Affected Version(s)
PasswordPusher < 1.69.3 < 1.69.3
PasswordPusher >= 2.0.0-a, < 2.4.2 < 2.0.0-a, 2.4.2
