CVE-2026-2543

Summary

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
vichan-develvichan5.1.0affected
vichan-develvichan5.1.1affected
vichan-develvichan5.1.2affected
vichan-develvichan5.1.3affected
vichan-develvichan5.1.4affected
vichan-develvichan5.1.5affected

Weaknesses

  • CWE-620: Unverified Password Change
  • CWE-640: Weak Password Recovery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References