Auth bypass in Fduflyer Droneaware-node-releases
CVE-2026-48117
DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attac…
Vulnerability class: Broken Authentication
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Fduflyer Droneaware-node-releases — versions < server-2026-05-20
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-48117?
- CVE-2026-48117 is a medium-severity vulnerability in Fduflyer Droneaware-node-releases, classified under Improper Authentication. CVSS score: 6.8/10. Published 2026-06-17.
- How severe is CVE-2026-48117?
- Medium severity. CVSS v3 base score is 6.8 out of 10.