CVE-2026-41308

Name: CVE-2026-41308
Creator: NVD / NIST
Published: 2026-05-08T15:16:39.48+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.29%

Last modified Jun 17, 2026

CVE-2026-41308 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This could bypass the intended authentication boundary for file push creation. This issue has been patched in versions 1.69.3 and 2.4.2.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS Probability

0.29%

20.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-288

Affected Software

Vendor	Product	Versions
Apnotic	Password Pusher	< 1.69.3
Apnotic	Password Pusher	>= 2.0.0, < 2.4.2

References

https://github.com/pglombardo/PasswordPusher/commit/45dc2512875231ef45ecd5dfc8c3c8185f882bf4Patch
https://github.com/pglombardo/PasswordPusher/pull/4381Issue Tracking, Patch
https://github.com/pglombardo/PasswordPusher/security/advisories/GHSA-qfh8-f79c-x86cVendor Advisory

Timeline

Published: May 8, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-41308?

How severe is CVE-2026-41308?

CVE-2026-41308 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.

How do I fix CVE-2026-41308?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-41308?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST