What is CVE-2026-31283?

CVE-2026-31283 is a vulnerability in N/a. Published 2026-04-13.

Is CVE-2026-31283 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2026-31283

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration def…

EPSS: 0.001 (19.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

saykino/CVE-2026-31283

References

totara.com/
github.com/saykino/CVE-2026-31283

Frequently asked questions

What is CVE-2026-31283?: CVE-2026-31283 is a vulnerability in N/a. Published 2026-04-13.
Is CVE-2026-31283 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.