Threats Tagged 'cve-2026-44460'
CVE-2026-44460: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in error311 FileRise

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the password check (state pending_login_user). When the target account already has TOTP configured, the endpoint decrypts and returns the user's existing TOTP secret inside the QR PNG instead of refusing or generating a new secret. An attacker who already possesses the victim's password can therefore retrieve the live TOTP secret, derive a valid one-time code, submit it to /api/totp_verify.php, and obtain a fully authenticated session without ever possessing the victim's authenticator device. This vulnerability is fixed in 3.12.0.

CVE Database V5 | 05/27/2026, 16:39:12 UTC | Added: 05/27/2026, 17:48:43 UTC