Vulnerability in Openaev-platform Openaev
CVE-2026-24467
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's password reset implementation contains…
EPSS: 0.013 (80.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Openaev-platform Openaev — versions >= 1.0.0, < 2.0.13
Weakness classification (CWE)
References
- https://github.com/OpenAEV-Platform/openaev/security/advisories/GHSA-vcjx-vw28-25p2 (x_refsource_CONFIRM)
- https://github.com/OpenAEV-Platform/openaev/commit/c09a4e71ea76d26fc28c9b51c76bca89a902df4f (x_refsource_MISC)
- https://github.com/OpenAEV-Platform/openaev/blob/82fa7d0009017110c9b509d0dc1b3a78164259dd/openaev-api/src/main/java/io/openaev/rest/user/UserApi.java#L120 (x_refsource_MISC)
- https://github.com/OpenAEV-Platform/openaev/releases/tag/2.0.13 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-24467?
- CVE-2026-24467 is a critical-severity vulnerability in Openaev-platform Openaev, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 9.1/10. Published 2026-04-20.
- How severe is CVE-2026-24467?
- Critical severity. CVSS v3 base score is 9.1 out of 10.