CVE-2026-26744

MEDIUM 5.3

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are registered in the system through observable response discrepancy.

Vendor	n/a
Product	n/a
Published	Feb 19, 2026
Last Updated	Feb 24, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new medium vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/formalms/formalms.git github.com: https://github.com/lorenzobruno7/CVE-2026-26744