CVE-2026-2543

LOW 2.7

vichan-devel vichan Password Change pages.php unverified password change

CVSS Score

2.7

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-620 CWE-640
Vendor	vichan-devel
Product	vichan
Published	Feb 16, 2026
Last Updated	Feb 23, 2026

Stay Ahead of the Next One

Get instant alerts for vichan-devel vichan

Be the first to know when new low vulnerabilities affecting vichan-devel vichan are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

vichan-devel / vichan

5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.346152 vuldb.com: https://vuldb.com/?ctiid.346152 vuldb.com: https://vuldb.com/?submit.749716 github.com: https://github.com/lakshayyverma/CVE-Discovery/blob/main/vichan.md

Credits

🔍 lakshay12311 (VulDB User)