Two-Factor Authentication Vulnerability in AIL Framework
CVE-2026-56450

5.1 MEDIUM

Key Information:

Vendor
CVE Published:
22 June 2026

What is CVE-2026-56450?

The two-factor authentication mechanism in the AIL Framework does not limit the number of consecutive failed one-time password (OTP) verification attempts. An attacker who has already passed the password authentication phase can start the OTP verification step and submit an unlimited number of guesses for a valid code. This is a significant risk, as it may lead to unauthorized access to user accounts. The patch adds per-user tracking of failed OTP submissions and temporarily blocks further attempts after 30 failed OTP submissions within one hour.
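The control the patch describes, sketched as an added example (not AIL's own code): a per-user sliding-window counter that refuses OTP checks after 30 failures in one hour. The class and function names, the in-memory store and the `check_otp` callback are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

MAX_FAILED_OTP = 30      # threshold stated in the advisory
WINDOW_SECONDS = 3600    # one hour, as stated in the advisory


class OtpFailureLimiter:
    """Per-user sliding window of failed OTP submissions (hypothetical, in-memory)."""

    def __init__(self, max_failed=MAX_FAILED_OTP, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_failed = max_failed
        self.window = window
        self.clock = clock                      # injectable so tests can move time
        self._failures = defaultdict(deque)     # user_id -> failure timestamps

    def _recent(self, user_id):
        """Drop failures older than the window and return the remaining ones."""
        q = self._failures[user_id]
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def is_blocked(self, user_id):
        return len(self._recent(user_id)) >= self.max_failed

    def verify(self, user_id, submitted, check_otp):
        """Return 'blocked', 'ok' or 'invalid'.

        check_otp(user_id, submitted) is the caller's real OTP check. It is
        never called while the user is blocked, so a correct guess made during
        the block is still refused.
        """
        if self.is_blocked(user_id):
            return "blocked"
        if check_otp(user_id, submitted):
            # Failures are deliberately not cleared on success: a legitimate
            # login must not hand a concurrent guesser a fresh budget.
            return "ok"
        self._recent(user_id).append(self.clock())
        return "invalid"
```

In a multi-process deployment the counters would need to live in a shared store with expiring keys rather than in process memory.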

Affected Version(s)

ail framework 0 <= 6.8.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aurelien Thirion
Stephen O.