SecuriTricks - CVE-2026-1836

Description

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

Product(s) Impacted

Vendor	Product	Versions
*	*	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-257

Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	/	/	/	/	/	/	/	/	/	/

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine

CVSS Score

5.3 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: PRESENT
Privileges Required: LOW
User Interaction: ACTIVE
Scope:
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: June 12, 2026, 2:16 p.m.
Last Modified: June 12, 2026, 4 p.m.

Status : Deferred

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-1836