What is CVE-2026-46657?

CVE-2026-46657 is a high-severity vulnerability, classified under Improper Removal of Sensitive Information Before Storage or Transfer. CVSS score: 7.1/10. Published 2026-06-08.

How severe is CVE-2026-46657?

High severity. CVSS v3 base score is 7.1 out of 10.

CVE-2026-46657

CVE-2026-46657

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a us…

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Weakness classification (CWE)

CWE-212 — Improper Removal of Sensitive Information Before Storage or Transfer
CWE-613 — Insufficient Session Expiration

References

security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-46657?: CVE-2026-46657 is a high-severity vulnerability, classified under Improper Removal of Sensitive Information Before Storage or Transfer. CVSS score: 7.1/10. Published 2026-06-08.
How severe is CVE-2026-46657?: High severity. CVSS v3 base score is 7.1 out of 10.