{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T11:43:50.517","vulnerabilities":[{"cve":{"id":"CVE-2026-31881","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T19:16:04.787","lastModified":"2026-03-16T20:53:43.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator (admin) password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization checks. During the 15-minute reset window, any remote user can set a new operator password and log in as admin. This vulnerability is fixed in 4.8.0."},{"lang":"es","value":"Runtipi es un orquestador de homeserver personal. Antes de la versión 4.8.0, un atacante no autenticado puede restablecer la contraseña del operador (administrador) cuando una solicitud de restablecimiento de contraseña está activa, lo que resulta en una toma de control completa de la cuenta. El endpoint POST /api/auth/reset-password está expuesto sin comprobaciones de autenticación/autorización. Durante la ventana de restablecimiento de 15 minutos, cualquier usuario remoto puede establecer una nueva contraseña de operador e iniciar sesión como administrador. Esta vulnerabilidad se corrige en la versión 4.8.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:runtipi:runtipi:*:*:*:*:*:*:*:*","versionEndExcluding":"4.8.0","matchCriteriaId":"7F1DB2A0-4BA2-4CD6-BD14-04BCA5CBD7EE"}]}]}],"references":[{"url":"https://github.com/runtipi/runtipi/security/advisories/GHSA-96fm-whrc-cwg3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}