CVE-2026-35507

Summary

Shynet before 0.14.0 allows Host header injection in the password reset flow.

Affected Software

VendorProductVersion RangeStatus
milesmccShynet0 < 0.14.0affected

Weaknesses

  • CWE-348: CWE-348 Use of Less Trusted Source

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References