What is CVE-2026-9609?

CVE-2026-9609 is a medium-severity vulnerability in Qianfox Foxcms, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 4.7/10. Published 2026-05-27.

How severe is CVE-2026-9609?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Vulnerability in Qianfox Foxcms

CVE-2026-9609

A vulnerability was identified in QianFox FoxCMS up to 1.2.6. This affects the function Edit of the file Admin.php. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit is publicly available a…

EPSS: 0.000 (14.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Qianfox Foxcms — versions 1.2.0, 1.2.1, 1.2.2

Weakness classification (CWE)

CWE-640 — Weak Password Recovery Mechanism for Forgotten Password

References

cna@vuldb.com (technical-description, vdb-entry)
cna@vuldb.com (signature, permissions-required)
cna@vuldb.com (third-party-advisory)
cna@vuldb.com (issue-tracking, exploit)
cna@vuldb.com (product)

Frequently asked questions

What is CVE-2026-9609?: CVE-2026-9609 is a medium-severity vulnerability in Qianfox Foxcms, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 4.7/10. Published 2026-05-27.
How severe is CVE-2026-9609?: Medium severity. CVSS v3 base score is 4.7 out of 10.