CVE-2026-9609

MEDIUM 4.7

QianFox FoxCMS Admin.php edit password recovery

CVSS Score

4.7

EPSS Score

0.0%

EPSS Percentile

11th

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-640
Vendor	qianfox
Product	foxcms
Published	May 27, 2026
Last Updated	May 27, 2026

Stay Ahead of the Next One

Get instant alerts for qianfox foxcms

Be the first to know when new medium vulnerabilities affecting qianfox foxcms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

QianFox / FoxCMS

1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/365682 vuldb.com: https://vuldb.com/vuln/365682/cti vuldb.com: https://vuldb.com/submit/818343 github.com: https://github.com/QianFox/FoxCMS/issues/3 github.com: https://github.com/QianFox/FoxCMS/

Credits

🔍 lzihan (VulDB User) VulDB CNA Team