How to fix CVE-2026-3106?

Within 24 hours: Inventory all Teampass deployments and confirm current versions. Within 7 days: Upgrade all instances to Teampass 3.1.5.16 or later. Within 30 days: Audit failed login logs for suspicious username patterns, review administrator session logs for unauthorized activity, and reset credentials for any accounts with administrative access to the Teampass system.

Is PHP affected by CVE-2026-3106?

Teampass password manager versions before 3.1.5.16 contain a critical blind cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious code into failed login logs, which executes when administrators review those logs.

CVE-2026-3106

EUVD-2026-17345 CRITICAL

2026-03-31 INCIBE

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 31, 2026 - 09:15 vuln.today

EUVD ID Assigned

Mar 31, 2026 - 09:15 euvd

EUVD-2026-17345

Patch Released

Mar 31, 2026 - 09:15 nvd

Patch available

CVE Published

Mar 31, 2026 - 08:51 nvd

CRITICAL 9.3

Description

Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information entered by the user in the username field. As a result, arbitrary JavaScript code is automatically executed in the administrator's browser when viewing failed login entries, resulting in a blind XSS condition.

Analysis

Blind Cross-Site Scripting in Teampass password manager versions prior to 3.1.5.16 allows unauthenticated remote attackers to execute arbitrary JavaScript in administrator browsers via malicious username input during failed login attempts. The vulnerability achieves high confidentiality and integrity impact (CVSS 9.3) because malicious code is stored and automatically executed when administrators review failed authentication logs, enabling potential session hijacking, credential theft, or administrative account compromise. …

Remediation

Within 24 hours: Inventory all Teampass deployments and confirm current versions. Within 7 days: Upgrade all instances to Teampass 3.1.5.16 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +46

POC: 0

CVE-2026-3106 vulnerability details – vuln.today

Back

CVE-2026-3106

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-3106

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code