CVE-2026-16218
Received Received - Intake

Storage Reset Failure in hunvreus devpush

Vulnerability report for CVE-2026-16218, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: VulDB

Description

A vulnerability was detected in hunvreus devpush up to 0.4.6. Affected by this issue is the function reset_storage of the file app/workers/tasks/storage.py of the component Storage Reset Failure Handler. The manipulation results in improper check or handling of exceptional conditions. A high complexity level is associated with this attack. The exploitation is known to be difficult. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hunvreus devpush to 0.4.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-703 The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects the devpush project up to version 0.4.6. The issue is in the storage reset function which fails to handle exceptions properly. When an error occurs during storage reset, the system logs the error but incorrectly marks the storage as active. This makes users think the reset succeeded when old data remains.

Detection Guidance

Check the storage status logs for devpush after a reset operation. Look for cases where the storage status remains 'active' despite errors during reset_storage(). Verify if old data persists after a reset attempt by inspecting storage directories or databases.

Impact Analysis

The vulnerability could lead to data integrity issues. Users may believe their storage was cleared, but old data persists and is used in operations. This could cause unintended data exposure or corruption. The attack requires high complexity and is difficult to exploit.

Compliance Impact

This vulnerability could lead to non-compliance with data protection regulations like GDPR and HIPAA by allowing old data to persist after a storage reset operation. If users assume data was cleared but it remains active, this may violate requirements for data deletion or secure erasure. The misleading status update could result in unauthorized access to outdated or improperly handled data.

Mitigation Strategies

Update the exception handling in app/workers/tasks/storage.py to set storage status to 'failed' or restore it to the previous state when reset_storage() encounters an error. Avoid relying on the current misleading behavior where status remains 'active' despite failures.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16218. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart