CVE-2026-35507

Medium

Shynet before 0.14.0 allows Host header injection in the password reset flow.

mitre·CWE-348·Published 2026-04-03

CVSS

6.5

EPSS

0.00

KEV

Exploits

cve.orgen

77 chars

Shynet before 0.14.0 allows Host header injection in the password reset flow.

NVDen

77 chars

Shynet before 0.14.0 allows Host header injection in the password reset flow.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3.1	Primary	cve.org	6.4	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L