API Token Exposure in Vvveb CMS by Givanz
CVE-2026-46407

8.1HIGH

Key Information:

Vendor: Givanz
Status: Vvveb
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-46407?

A vulnerability identified in Vvveb CMS prior to version 1.0.8.3 allows an authenticated administrator to leverage the backend admin/auth-token endpoint to access the REST API token list of other administrators by simply providing the respective user's admin_id. This situation can potentially lead to the unauthorized disclosure of sensitive API tokens, posing a significant security risk to the affected administrators. The vulnerability has since been addressed and resolved in version 1.0.8.3.

Affected Version(s)

Vvveb < 1.0.8.3

References

https://github.com/givanz/Vvveb/security/advisories/GHSA-...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46407 Data

JSON