CVE-2026-40582 | ChurchCRM up to 7.1.x API Endpoint /api/public/user/login authentication bypass (GHSA-8cwr-x83m-mh9x)

SecurityVulns

A vulnerability labeled as critical has been found in ChurchCRM up to 7.1.x. It affects unknown functionality of the file /api/public/user/login in the API Endpoint component. Manipulation of this endpoint leads to authentication bypass using an alternate channel.

This vulnerability is uniquely identified as CVE-2026-40582. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.