Skip to main content

Rejetto HFS CVE-2026-61503

MEDIUM
Observable Response Discrepancy (CWE-204)
2026-07-13 VulnCheck
6.9
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-reachable login endpoint requires no authentication or user interaction; impact is strictly limited confidentiality loss (username enumeration) with no integrity, availability, or scope change.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jul 13, 2026 - 19:42 vuln.today
Analysis Generated
Jul 13, 2026 - 19:42 vuln.today

DescriptionCVE.org

Rejetto HFS 3.0.0 through 3.2.0 returns observably different responses from its login endpoint depending on whether the submitted username exists. A remote unauthenticated attacker can use this to confirm valid account names, including the default admin account, facilitating password-guessing and session-forgery attacks.

AnalysisAI

Username enumeration in Rejetto HFS 3.0.0-3.2.0 exposes valid account names-including the default admin account-to remote unauthenticated attackers through observably different login endpoint responses (CWE-204). The vendor release notes for v3.2.1 indicate this is one of multiple related vulnerabilities that collectively could allow an attacker to gain administrative access, suggesting this flaw may serve as a reconnaissance enabler in a broader attack chain. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify network-accessible HFS login endpoint
Delivery
Send automated login requests with username wordlist
Exploit
Observe differing server responses per username
Execution
Confirm valid account names including default admin
Persist
Launch credential-stuffing or brute-force against confirmed accounts
Impact
Achieve administrative access to HFS file server

Vulnerability AssessmentAI

Exploitation No special conditions are required for the enumeration phase: the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the HFS login endpoint needs only to be reachable over the network by the attacker, with no authentication, user interaction, or non-default configuration required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N) accurately reflects a remotely exploitable, zero-prerequisite flaw with limited, one-dimensional confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends automated HTTP POST requests to the HFS login endpoint cycling through a wordlist of common usernames and observes differing response codes, body text, or response timing to identify valid accounts including the default admin. With the admin username confirmed, the attacker proceeds to credential-stuffing using leaked password databases or targeted brute-force, and-given the vendor's disclosure of co-remediated vulnerabilities-may chain this with additional unpatched HFS flaws to achieve full administrative access. …
Remediation Upgrade to Rejetto HFS version 3.2.1 immediately; this release is confirmed by the vendor at https://github.com/rejetto/hfs/releases/tag/v3.2.1 and addresses this flaw alongside additional vulnerabilities that collectively enable administrative compromise. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-61503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy