{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T18:37:38.236","vulnerabilities":[{"cve":{"id":"CVE-2026-32616","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T14:19:39.393","lastModified":"2026-04-16T14:57:08.337","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $_SERVER['HTTP_HOST'] without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification link sent to the user's email to point to an attacker-controlled domain. This can lead to account takeover by stealing the email verification token. This vulnerability is fixed in 1.0.201."},{"lang":"es","value":"Pigeon es un tablón de mensajes/bloc de notas/sistema social/blog. Antes de 1.0.201, la aplicación utiliza $_SERVER['HTTP_HOST'] sin validación para construir URLs de verificación de correo electrónico en los flujos de registro y resendmail. Un atacante puede manipular el encabezado Host en la solicitud HTTP, haciendo que el enlace de verificación enviado al correo electrónico del usuario apunte a un dominio controlado por el atacante. Esto puede llevar a la toma de control de cuenta mediante el robo del token de verificación de correo electrónico. \nEsta vulnerabilidad está corregida en 1.0.201."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"references":[{"url":"https://github.com/kasuganosoras/Pigeon/releases/tag/1.0.201","source":"security-advisories@github.com"},{"url":"https://github.com/kasuganosoras/Pigeon/security/advisories/GHSA-rrj4-9wgq-prcr","source":"security-advisories@github.com"}]}}]}