What is CVE-2026-40586?

CVE-2026-40586 is a high-severity vulnerability in Blueprintue Blueprintue-self-hosted-edition, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 7.5/10. Published 2026-04-21.

How severe is CVE-2026-40586?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Blueprintue Blueprintue-self-hosted-edition

CVE-2026-40586

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-ac…

EPSS: 0.001 (16.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Blueprintue Blueprintue-self-hosted-edition — versions < 4.2.0

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

https://github.com/blueprintue/blueprintue-self-hosted-edition/security/advisories/GHSA-m6c2-6p3h-8jv2 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-40586?: CVE-2026-40586 is a high-severity vulnerability in Blueprintue Blueprintue-self-hosted-edition, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 7.5/10. Published 2026-04-21.
How severe is CVE-2026-40586?: High severity. CVSS v3 base score is 7.5 out of 10.