CVE-2026-54817 FluxBuilder CVE debrief

Who should care

Users of the MStore API, particularly those using versions from n/a to 4.18.4, should be aware of this vulnerability and take necessary actions to mitigate potential risks. This vulnerability has a medium severity score of 6.5.

Technical summary

The CVE-2026-54817 vulnerability is an Authentication Bypass Using an Alternate Path or Channel issue in the MStore API. It affects versions from n/a to 4.18.4 and allows for password recovery exploitation. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.

Defensive priority

medium

Recommended defensive actions

• Update MStore API to a version beyond 4.18.4
• Implement additional authentication mechanisms
• Monitor for suspicious password recovery attempts
• Restrict access to the MStore API
• Use secure password recovery processes
• Regularly review and update API dependencies
• Consider using a Web Application Firewall (WAF)

Evidence notes

The information provided is based on data from the NVD and Patchstack. The CVE record was published on June 17, 2026, and last modified on the same day. The vulnerability details are sourced from official vulnerability databases and mitigation or vendor references.

Official resources