LOW
QianFox
CVE published 2026-05-27
CVE-2026-9609
A weak password recovery vulnerability exists in QianFox FoxCMS versions up to 1.2.6, specifically within the Edit function of the Admin.php file. The vulnerability allows remote attackers to manipulate password recovery mechanisms, potentially enabling unauthorized account access. The CVSS 4.0 score of 2.0 (LOW severity) reflects the requirement for high privileges (PR:H) to exploit this weakness. The vu [truncated]