CVE-2026-41308EPSS p20.4%

CVE-2026-41308CVE-2026-41308

apnotic / password_pusher

Description

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This could bypass the intended authentication boundary for file push creation. This issue has been patched in versions 1.69.3 and 2.4.2.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS0.29% probability of exploitation · percentile 20.4% · 2026-06-19T12:03:05Z
Last modified2026-06-05

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
ProjectSend Improper Authentication Vulnerability
CVE
CVE-2025-52159
CVE
CVE-2025-67397
CVE
Apache APISIX Authentication Bypass Vulnerability
CVE
CVE-2026-25471
CVE
CVE-2026-41394
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.