Home / Vulnerability Intelligence / CVE-2026-34408

CVE-2026-34408 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: May 6, 2026

Gambio - Authentication Bypass

Published: May 5, 2026Updated: May 6, 2026Remote Exploitable

Overview

Gambio 4.0.0.0 to 4.9.2.0 contains a broken authentication caused by password reset function bypass allowing setting arbitrary passwords for arbitrary accounts if the ID is known, letting attackers reset passwords without authorization.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers can reset passwords for any account, leading to full account takeover and unauthorized access.

Mitigation

Update to patched version 2024-02 v1.0.0 or later.

References

https://www.gambio.de/forum/threads/wichtiges-security-update-2024-02-v1-0-fuer-gx4-v4-0-0-0-bis-v4-9-2-0.50896/
https://herolab.usd.de/security-advisories/usd-2024-0002/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34408
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: rejected

CWE

CWE-640

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N