๐Ÿ” CVE Alert

CVE-2026-22104

UNKNOWN 0.0

Improper access control in Hashtopolis server chunk activity component

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance.

CWE CWE-639
Vendor hashtopolis
Product server
Published Jul 17, 2026
Last Updated Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for hashtopolis server

Be the first to know when new unknown vulnerabilities affecting hashtopolis server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

hashtopolis / server
0 < 0.14.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
csirt.divd.nl: https://csirt.divd.nl/CVE-2026-22104 csirt.divd.nl: https://csirt.divd.nl/DIVD-2026-00010 github.com: https://github.com/hashtopolis/server/releases/tag/v0.14.8

Credits

Mateo Hahn, Bureau Veritas Cybersecurity Wessel Baltus (DIVD) Max van der Horst (DIVD) Victor Pasman (DIVD)