Home / Vulnerability Intelligence / CVE-2026-44196

CVE-2026-44196 - Vulnerability Analysis

CriticalCVSS: 9.1

Last Updated: May 12, 2026

Pingvin Share X - Authentication Bypass

Published: May 12, 2026Updated: May 12, 2026Remote Exploitable

Overview

Pingvin Share X 1.14.1 to 1.16.2 contains an authentication bypass caused by improper enforcement of second-factor authentication (TOTP), letting attackers with valid credentials skip 2FA, exploit requires valid username and password.

Severity & Score

Severity: Critical

CVSS Score: 9.1

Impact

Attackers with valid credentials can bypass second-factor authentication, increasing risk of unauthorized account access.

Mitigation

Upgrade to version 1.16.3 or later.

References

https://github.com/smp46/pingvin-share-x/security/advisories/GHSA-j679-vp39-qwqq

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-44196
Severity: Critical
CVSS Score: 9.1
Type: broken_authentication
Status: new

CWE

CWE-287

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N