CVE-2026-34408 PUBLISHED

Assigner: mitre
Reserved: 27.03.2026 Published: 05.05.2026 Updated: 05.05.2026

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

https://www.gambio.de/forum/threads/wichtiges-security-update-2024-02-v1-0-fuer-gx4-v4-0-0-0-bis-v4-9-2-0.50896/
https://herolab.usd.de/security-advisories/usd-2024-0002/

Problem Types

n/a text