Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with an attacker-controlled TOTP secret and bypass the additional factor. This could result in unauthorized account access. This issue is fixed in version 5.4.2.
AnalysisAI
Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.
Technical ContextAI
eLabFTW is an open-source electronic lab notebook platform written in PHP. The vulnerability exists in the LoginController.php authentication flow, specifically in the MfaHelper instantiation during the multi-factor authentication validation step. The affected code previously accepted MFA secrets from both the session (server-side state) and directly from user-supplied request parameters, creating a race condition or logic flaw where an attacker could supply their own TOTP secret if the session state was not properly initialized. The fix (commit 8b7a575) restricts MFA secret retrieval to only the session object, eliminating the fallback to user-controlled request parameters. CWE-302 (Authentication Bypass by Alternate Name) indicates the root cause is improper validation of authentication credentials or state.
RemediationAI
Vendor-released patch: eLabFTW 5.4.2. Users should upgrade immediately from version 5.4.1 or earlier to 5.4.2 or later. The patch modifies LoginController.php to retrieve the MFA secret exclusively from the session object, eliminating the code path that allowed user-supplied TOTP secrets. For users unable to upgrade immediately, compensating controls include enforcing strong password policies to reduce the likelihood of valid credential compromise, implementing account lockout policies after failed authentication attempts, and monitoring authentication logs for unusual patterns (e.g., successful logins from new IP addresses immediately after MFA prompts). However, these controls do not address the underlying MFA bypass and should only be temporary measures. Apply the patch within 7 days for production environments.
eLabFTW is an open source electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulne
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated hig
eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.3), this vulnerability
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.5), this vulnerabilit
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.1), this vulnerabilit
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerabilit
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerabilit
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27311