Account Lockout Vulnerability in Cryptobox by Cryptocurrency Solutions
CVE-2026-5794

4.9 MEDIUM

Key Information:

Vendor: Ercom

Status
Vendor
CVE Published: 28 April 2026

What is CVE-2026-5794?

A flaw in Cryptobox allows an authenticated user to lock another user out of their account. By sending a specially crafted request, an attacker can trigger an account lockout, hindering legitimate users' access. The impact is to availability: the flaw can be exploited to disrupt user authentication and access control within the application.

Affected Version(s)

Cryptobox 4.40.175

Cryptobox 4.37.237 < 4.38.0

References

CVSS V4

Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
