HIGH
PenguinMod
CVE published 2026-06-11
CVE-2026-47181
CVE-2026-47181 is a HIGH-severity vulnerability in PenguinMod-BackendApi, a backend API for PenguinMod. Prior to version 1.0.0, the API was vulnerable to NoSQL injection in its password reset endpoint. This flaw allowed any authenticated user to change the password of any account, potentially leading to full account takeover. An attacker would only need a registered account and a valid password reset toke [truncated]