CVE-2026-27492 | lettermint lettermint-node up to 1.5.0 Password Reset send wrong session (GHSA-49pc-8936-wvfp)

A vulnerability was found in lettermint lettermint-node up to 1.5.0. It has been rated as problematic. This affects the function send of the component Password Reset Handler. This manipulation causes exposure of data element to wrong session.

This vulnerability is registered as CVE-2026-27492. The attack needs to be launched locally. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More