CVE-2026-61503
MEDIUM
NVD
CVSS Score
5.3
Severity
MEDIUM
Published
Jul 13, 2026
Vendor
unknown
Description
Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and session-forgery attacks.