Formalms

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-26744 MEDIUM This Month

FormaLMS 4.1.18 and earlier allows unauthenticated attackers to enumerate valid usernames through the password recovery endpoint by observing differential error messages. This user enumeration vulnerability could enable an attacker to build a list of active accounts for targeted attacks. No patch is currently available for this medium-severity issue.

Information Disclosure Formalms

NVD GitHub

CVSS 3.1

5.3

EPSS

0.0%

CVE-2026-26744

EPSS 0% CVSS 5.3

MEDIUM This Month

FormaLMS 4.1.18 and earlier allows unauthenticated attackers to enumerate valid usernames through the password recovery endpoint by observing differential error messages. This user enumeration vulnerability could enable an attacker to build a list of active accounts for targeted attacks. No patch is currently available for this medium-severity issue.

Information Disclosure Formalms

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy