CVE-2026-28681
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Description
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation request. The confirmation link in the resulting email can then point to an attacker-controlled domain. Opening the link in the email is sufficient to pass the token to the attacker, who can then use it on the real IRRD instance to take over the account. A compromised account can then be used to modify RPSL objects maintained by the account's mntners and perform other account actions. If the user had two-factor authentication configured, which is required for users with override access, an attacker is not able to log in, even after successfully resetting the password. This issue has been patched in versions 4.4.5 and 4.5.1.
Analysis
Unauthorized account takeover in Internet Routing Registry daemon (IRRd) versions 4.4.0-4.4.4 and 4.5.0 results from improper Host header validation during the password reset and account creation flows, which lets attackers redirect confirmation emails to attacker-controlled domains. An attacker can intercept the confirmation token from a user's email and use it to compromise the targeted account, potentially gaining the ability to modify RPSL objects and perform unauthorized account actions. …
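As an added illustration of the flaw described above and in the analysis (this is not IRRd's code; the base URL, hostnames, endpoint paths and log format are assumptions), the following Python contrasts building a confirmation link from the request's Host header with building it from a configured base URL, adds a Host allowlist check, and runs that check over constructed log lines to flag password reset or account creation requests that carry an unexpected Host:

```python
"""Added example (not IRRd's code): derive account-confirmation links from a
configured base URL and validate the Host header against an allowlist, so a
spoofed Host cannot redirect the link. All names and values are assumptions."""
import re
from urllib.parse import quote, urljoin, urlsplit

# Constructed configuration: the deployment's canonical public URL and the
# hostnames it is legitimately reached by.
CONFIGURED_BASE_URL = "https://irr.example.net/"
ALLOWED_HOSTS = {"irr.example.net"}


def host_is_allowed(host_header: str, allowed=ALLOWED_HOSTS) -> bool:
    """Return True only if the Host header names a configured hostname.

    An optional port suffix (":443") is ignored; an empty or unknown host is
    rejected rather than trusted.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    host = re.sub(r":\d+$", "", host)
    return host in allowed


def unsafe_confirmation_link(host_header: str, token: str) -> str:
    """The flawed pattern: the link's origin is taken from the request."""
    return f"https://{host_header}/account/confirm?token={token}"


def safe_confirmation_link(token: str, base_url: str = CONFIGURED_BASE_URL) -> str:
    """Hardened pattern: the origin comes from configuration, never from the
    request. The token is percent-encoded for the query string."""
    return urljoin(base_url, "account/confirm") + "?token=" + quote(token, safe="")


def link_origin(url: str) -> str:
    """Scheme and host of a URL, for checking where a link would send a user."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


# Detection: flag reset/creation requests whose Host is not on the allowlist.
# Constructed log lines in an assumed "host method path status" format.
SAMPLE_LOG = """irr.example.net POST /account/reset 200
attacker.example POST /account/reset 200
irr.example.net:443 POST /account/create 200
evil.example GET /account/confirm 200
"""
SENSITIVE_PATHS = ("/account/reset", "/account/create")


def suspicious_host_requests(log_text: str):
    """Return (host, path) pairs for sensitive requests with an unexpected Host."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        host, _method, path, _status = fields[:4]
        if path in SENSITIVE_PATHS and not host_is_allowed(host):
            hits.append((host, path))
    return hits


if __name__ == "__main__":
    print("unsafe link origin:", link_origin(unsafe_confirmation_link("attacker.example", "tok")))
    print("safe link origin:  ", link_origin(safe_confirmation_link("tok")))
    print("suspicious requests:", suspicious_host_requests(SAMPLE_LOG))
```

The hardened builder never consults the request at all, which is the stronger fix; the allowlist check is the compensating control for deployments that cannot yet upgrade, applied at the reverse proxy or in the application before any email is sent.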
Remediation
Within 24 hours: Identify all systems running IRR daemon versions 4.4.0-4.4.4 or 4.5.0 and isolate them from public internet access if possible. Within 7 days: Implement compensating controls (see below) and disable password reset/account creation features if not operationally critical. …
External POC / Exploit Code
GHSA-22m3-c7vp-49fj