🔐 CVE Alert

CVE-2026-24443

UNKNOWN 0.0

EventSentry < 6.0.1.20 Web Reports Unverified Password Change

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who gains temporary access to an authenticated user session can change the account password without knowledge of the original credentials. This enables persistent account takeover and, if administrative accounts are affected, may result in privilege escalation.

CWE CWE-620
Vendor netikus.net ltd
Product eventsentry
Published Feb 24, 2026
Last Updated Mar 5, 2026
Stay Ahead of the Next One

Get instant alerts for netikus.net ltd eventsentry

Be the first to know when new unknown vulnerabilities affecting netikus.net ltd eventsentry are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NETIKUS.NET ltd / EventSentry
0 < 6.0.1.20

References

NVD ↗ CVE.org ↗ EPSS Data ↗
eventsentry.com: https://www.eventsentry.com/downloads/version-history vulncheck.com: https://www.vulncheck.com/advisories/eventsentry-web-reports-unverified-password-change

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. VulnCheck