Information disclosure in Mwtcmi Frogman

CVE-2026-46514

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_reset_password in Tools/ResetPassword.php:48-53 returned a plaintext password and fm_add_extension in Tools/AddExtension.php:172 returned a plaintext secret…

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-46514?
CVE-2026-46514 is a medium-severity vulnerability in Mwtcmi Frogman, classified under Insertion of Sensitive Information into Log File. CVSS score: 6.5/10. Published 2026-07-16.
How severe is CVE-2026-46514?
Medium severity. CVSS v3 base score is 6.5 out of 10.