CVE-2026-22104
Improper access control in Hashtopolis server chunk activity component
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance.
| CWE | CWE-639 |
| Vendor | hashtopolis |
| Product | server |
| Published | Jul 17, 2026 |
| Last Updated | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for hashtopolis server
Be the first to know when new unknown vulnerabilities affecting hashtopolis server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
hashtopolis / server
0 < 0.14.8
References
Credits
Mateo Hahn, Bureau Veritas Cybersecurity Wessel Baltus (DIVD) Max van der Horst (DIVD) Victor Pasman (DIVD)