CVE Field Guide
About Us
CVE-2026-35507
PUBLISHED
Assigner:
mitre
Reserved:
03.04.2026
Published:
03.04.2026
Updated:
03.04.2026
Shynet before 0.14.0 allows Host header injection in the password reset flow.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L
CVSS Score:
6.4
CVSS score
6.4
Attack Vector
Network
Scope
Unchanged
Attack Complexity
High
Confidentiality Impact
Low
Privileges Required
None
Integrity Impact
High
User Interaction
Required
Availability Impact
Low
CVSS 3.1
Product Status
Vendor
milesmcc
Product
Shynet
Versions
Default:
unaffected
affected from 0 to 0.14.0 (excl.)
References
https://github.com/milesmcc/shynet/releases/tag/v0.14.0
https://github.com/milesmcc/shynet/pull/345
Problem Types
CWE-348 Use of Less Trusted Source
CWE