Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-61503

MEDIUM NVD
CVSS Score 5.3
Severity MEDIUM
Published Jul 13, 2026
Vendor unknown

Description

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and session-forgery attacks.

References