CVE-2026-33877 | apostrophecms apostrophe up to 4.28.x Endpoint reset-request timing discrepancy (GHSA-mj7r-x3h3-7rmr)
A vulnerability was found in apostrophecms apostrophe up to 4.28.x. It has been rated as problematic. It affects an unknown functionality of the file /api/v1/@apostrophecms/login/reset-request in the Endpoint component. Manipulation results in an observable timing discrepancy.
This vulnerability is cataloged as CVE-2026-33877. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.