CVE-2026-46657EPSS p18.5%

CVE-2026-46657CVE-2026-46657

Description

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear the associated tokenAuth and tokenRemember fields in the JSON database. Consequently, any user with a pre-existing "Remember Me" cookie can bypass the account disablement and maintain a valid authenticated state. Version 3.22.0 patches the issue.

Scoring

CVSS 7.1 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS0.27% probability of exploitation · percentile 18.5% · 2026-06-18T12:00:27Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46656
CVE
CVE-2026-25101
CVE
CVE-2026-25099
CVE
CVE-2025-56643
CVE
CVE-2026-26273
CVE
CVE-2026-6456
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.