CVSS 8.1 HIGH Vulnerability

CVE-2026-45013: Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Inp…


CVSS Score: 8.1
Severity: HIGH
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-45013
Vendor: npm
Affected Product: apostrophe
Vulnerability Type: Vulnerability
CVSS Score: 8.1 (HIGH)
Actively Exploited: No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary: ApostropheCMS's password reset flow constructs the reset URL using req.hostname, which is derived directly from the attacker-controlled HTTP Host header when apos.baseUrl is not explicitly configured. An unauthenticated attacker who knows a victim's email address can send a crafted reset request that causes the application to email the victim a reset link pointing to the attacker's domain. When the victim clicks the link, the valid reset token is delivered to the attacker, enabling full account takeover.

Affected Component: modules/@apostrophecms/login/index.js, resetRequest route. Precondition: passwordReset: true is set and apos.baseUrl is not configured.

Vulnerability Details: The setPrefixUrls middleware (i18n layer) builds req.baseUrl using `req.ho

📚 Advisory References

