LeakyCreds

CVE-2026-24443 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: February 26, 2026

EventSentry - Authentication Bypass

Published: February 24, 2026 | Updated: February 26, 2026 | Remote Exploitable

Overview

EventSentry versions before 6.0.1.20 contain a broken authentication vulnerability: the account management function of Web Reports does not validate the current password before accepting a password change. An attacker with a temporary authenticated session can therefore change passwords and escalate privileges.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 1.3% (Probability of exploitation in next 30 days)

Impact

Attackers with temporary authenticated sessions can change passwords, enabling persistent account takeover and potential privilege escalation.

Mitigation

Update to version 6.0.1.20 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 26, 2026

🟠 CVE-2026-24443 - High (8.8) EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password bef... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-24443/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-24443
Severity: High
CVSS Score: 8.8
Type: broken_authentication
Status: confirmed
EPSS: 1.3%
Social Posts: 1

CWE

  • CWE-620
  • NVD-CWE-Other

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.3% (Probability of exploitation in the next 30 days)