CVE-2026-40485 | ChurchCRM up to 7.1.x Public API Login Endpoint /api/public/user/login excessive authentication (GHSA-x2qh-xmhq-4jpx)

SecurityVulns

A vulnerability was found in ChurchCRM up to 7.1.x and has been classified as problematic. It affects unspecified processing in the file /api/public/user/login of the component Public API Login Endpoint. Manipulation leads to improper restriction of excessive authentication attempts.

This vulnerability is tracked as CVE-2026-40485. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.