Description
e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
Published: 2026-05-26
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

e107, a content management system, contains a Host Header Injection flaw in the password reset process that exists in all releases prior to 2.3.4. An attacker can supply a forged Host header when requesting a password reset, and the CMS uses that header to build the reset URL. The resulting link points to an attacker‑controlled domain, allowing the victim to be duped into submitting credentials to a malicious site. This flaw can directly compromise account validity, confidentiality and integrity, and leads to phishing and account takeover.

Affected Systems

The vulnerability affects e107 installations from e107 Inc. that are running any version older than 2.3.4. All packages that rely on the default password‑reset page before the 2.3.4 fix are susceptible, regardless of the specific minor revision numbers.

Risk and Exploitability

The flaw scores a CVSS of 8.1, indicating high severity. While the EPSS score is not available, the score evidences a significant threat. No known public exploit is listed in the KEV catalog, but the attack can be carried out by any external user who can request a password reset for a target account, making it a practical risk for exposed services. The exploit path requires only an HTTP request with a crafted Host header, with no special authentication or privileges.

Generated by OpenCVE AI on May 26, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to e107 version 2.3.4 or newer
  • Modify the application or web server configuration to force the Host header to the canonical domain when generating password reset URLs, thereby preventing manipulation
  • Ensure that password reset e‑mails contain links constructed from the trusted domain rather than any client‑supplied header

Generated by OpenCVE AI on May 26, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared E107
E107 e107
Vendors & Products E107
E107 e107

Tue, 26 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows attackers to manipulate the Host header to generate password reset links pointing to attacker-controlled domains. This can lead to phishing attacks, account takeover, or other security risks. The severity is high, as the vulnerability affects a critical function related to user authentication. This vulnerability is fixed in 2.3.4.
Title e107: Host Header Injection in e107 password reset enables phishing
Weaknesses CWE-20
CWE-807
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

Subscriptions

E107 E107
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-26T15:49:36.185Z

Reserved: 2026-05-04T16:59:09.089Z

Link: CVE-2026-43935

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-26T16:16:25.390

Modified: 2026-05-26T17:16:45.733

Link: CVE-2026-43935

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T16:30:10Z

Weaknesses