CVE-2026-44547
Deferred
Deferred - Pending Action
BaseFortify
Publication date: 2026-05-12
Last updated on: 2026-05-13
Assigner: GitHub, Inc.
Description
Description
ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release therefore remains exploitable by the PoC published with the original advisory. This vulnerability is fixed in 7.3.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-304 | The product implements an authentication technique, but it skips a step that weakens the technique. |
Attack-Flow Graph
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70