CVE-2026-3186
Unauthorized Password Reset in feiyuchuixue sz-boot-parent Allows Remote Attack
Publication date: 2026-02-25
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| szadmin | sz-boot-parent | up to 0.9.0 (inclusive) |
| szadmin | sz-boot-parent | 1.0.0 |
| szadmin | sz-boot-parent | 1.0.1 |
| szadmin | sz-boot-parent | 1.0.2 |
| szadmin | sz-boot-parent | 1.1.0 |
| szadmin | sz-boot-parent | 1.2.0 |
| szadmin | sz-boot-parent | 1.2.1 |
| szadmin | sz-boot-parent | 1.2.2 |
| szadmin | sz-boot-parent | 1.2.3 |
| szadmin | sz-boot-parent | 1.2.4 |
| szadmin | sz-boot-parent | 1.2.5 |
| szadmin | sz-boot-parent | 1.2.6 |
| szadmin | sz-boot-parent | 1.3.0 |
| szadmin | sz-boot-parent | 1.3.1 |
| szadmin | sz-boot-parent | 1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1393 | The product uses default passwords for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3186 is a vulnerability in the feiyuchuixue sz-boot-parent project up to version 1.3.2-beta. It affects the Password Reset Handler component, specifically the API endpoint /api/admin/sys-user/reset/password/. The vulnerability arises from improper handling of the userId argument, which can be manipulated remotely to reset a user's password to a default password without proper authorization.
This means an attacker can remotely trigger a password reset for any user, causing their password to be set to a known default value, bypassing normal permission checks.
The issue was fixed by adding authorization validation so that only users with the appropriate permissions can perform password resets; upgrading to version 1.3.3-beta addresses this vulnerability. [3, 6]
How can this vulnerability impact me?
This vulnerability allows unauthorized remote attackers to reset any user's password to a default password, potentially gaining unauthorized access to user accounts.
Such unauthorized access compromises the confidentiality, integrity, and availability of the affected system by allowing attackers to impersonate users, access sensitive data, and disrupt normal operations.
Because the exploit is publicly disclosed and straightforward to use, systems running vulnerable versions are at significant risk until patched. [3, 6]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized password resets via the API endpoint /api/admin/sys-user/reset/password/ by manipulating the userId argument remotely. Detection can focus on monitoring network traffic or logs for suspicious or unauthorized calls to this endpoint.
Suggested detection methods include:
- Inspect web server or application logs for POST requests to /api/admin/sys-user/reset/password/ that originate from non-administrative users or unexpected IP addresses.
- Use network monitoring tools (e.g., tcpdump, Wireshark) to capture HTTP requests targeting the password reset API endpoint and analyze them for unusual patterns or repeated attempts.
- Example command to search logs for suspicious password reset attempts (assuming logs are in /var/log/app.log):
  grep "/api/admin/sys-user/reset/password/" /var/log/app.log | grep -v "admin"
- Example tcpdump command to capture HTTP POST requests to the vulnerable endpoint:
  tcpdump -i any -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep "/api/admin/sys-user/reset/password/"
Since the exploit is publicly available and straightforward, monitoring for unauthorized password resets and anomalous API usage is critical. [3, 6]
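The grep above only drops lines containing the string "admin", which misses unauthenticated callers and bursts of repeated calls. The following Python script is an added example (not part of the advisory, the VulDB entry, or the sz-boot-parent project) that applies the same detection idea more carefully to access-log lines in Common Log Format with an authenticated-user field. The admin account list, the management network range, the burst threshold and the sample log lines are all assumed or constructed for the example; substitute your own values.

```python
"""Flag suspicious calls to the sz-boot-parent password-reset endpoint in access logs.

Added example for CVE-2026-3186; not code from the advisory or the project.
Assumes Common Log Format lines with an authuser field (third column).
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

RESET_PATH = "/api/admin/sys-user/reset/password/"
ADMIN_USERS = {"admin"}                      # assumed: accounts allowed to reset passwords
ADMIN_NETS = [ip_network("10.0.0.0/8")]      # assumed: management network for admin traffic
BURST_THRESHOLD = 3                          # assumed: reset calls from one source worth flagging

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample log: one legitimate admin reset, a burst of unauthenticated
# resets from an external address, a non-admin user reset, an unrelated GET, and
# one rejected (403) attempt from a second external address.
SAMPLE_LOG = """\
10.0.0.5 - admin [25/Feb/2026:09:58:10 +0000] "POST /api/admin/sys-user/reset/password/ HTTP/1.1" 200 31
203.0.113.7 - - [25/Feb/2026:10:01:02 +0000] "POST /api/admin/sys-user/reset/password/ HTTP/1.1" 200 31
203.0.113.7 - - [25/Feb/2026:10:01:03 +0000] "POST /api/admin/sys-user/reset/password/ HTTP/1.1" 200 31
203.0.113.7 - - [25/Feb/2026:10:01:04 +0000] "POST /api/admin/sys-user/reset/password/ HTTP/1.1" 200 31
10.0.0.9 - alice [25/Feb/2026:10:05:44 +0000] "POST /api/admin/sys-user/reset/password/ HTTP/1.1" 200 31
10.0.0.9 - alice [25/Feb/2026:10:06:00 +0000] "GET /api/admin/sys-user/list HTTP/1.1" 200 812
198.51.100.4 - - [25/Feb/2026:10:07:15 +0000] "POST /api/admin/sys-user/reset/password/ HTTP/1.1" 403 18
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_reset_call(rec):
    """True for POST requests to the password-reset endpoint (any trailing userId)."""
    return rec["method"] == "POST" and rec["path"].startswith(RESET_PATH)


def from_admin_network(ip_text):
    """True if the source address is inside an allowed management network.
    Non-IP values (e.g. a hostname left by a misconfigured logger) count as outside."""
    try:
        addr = ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in ADMIN_NETS)


def find_suspicious_resets(log_text):
    """Scan log text and return one finding per reset call that breaks a rule.

    A call is flagged when the caller is unauthenticated, is not an admin account,
    comes from outside the management network, or is the Nth call from one source.
    Successful (2xx) resets are rated high; rejected ones are low (possible probing).
    """
    findings = []
    per_source = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_reset_call(rec):
            continue
        reasons = []
        if rec["user"] == "-":
            reasons.append("unauthenticated caller")
        elif rec["user"] not in ADMIN_USERS:
            reasons.append(f"non-admin account {rec['user']}")
        if not from_admin_network(rec["ip"]):
            reasons.append("source outside management network")
        per_source[rec["ip"]] += 1
        if per_source[rec["ip"]] == BURST_THRESHOLD:
            reasons.append(f"{BURST_THRESHOLD} reset calls from one source")
        if not reasons:
            continue
        severity = "high" if rec["status"].startswith("2") else "low"
        findings.append({
            "ip": rec["ip"], "user": rec["user"], "ts": rec["ts"],
            "status": rec["status"], "severity": severity, "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_resets(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['ts']} {f['ip']} user={f['user']} "
              f"status={f['status']}: {'; '.join(f['reasons'])}")
```

Run it against a real log by passing the file contents to find_suspicious_resets; a 2xx reset from an unauthenticated or non-admin caller is the signature of the unauthorized reset the advisory describes, while 4xx hits from outside the management network indicate the endpoint is being probed after the fix.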
What immediate steps should I take to mitigate this vulnerability?
The primary and recommended mitigation is to upgrade the affected component feiyuchuixue sz-boot-parent to version 1.3.3-beta or later, which includes the patch that adds authorization validation to the password reset interface.
Additional immediate steps include:
- Restrict access to the /api/admin/sys-user/reset/password/ endpoint to only authorized administrative users.
- Implement network-level controls such as firewall rules or API gateway policies to block unauthorized requests to the password reset API.
- Monitor logs and alerts for any suspicious password reset attempts and respond promptly.
The patch identified by commit aefaabfd7527188bfba3c8c9eee17c316d094802 enforces permission checks, preventing unauthorized password resets and eliminating the vulnerability.