CVE-2026-46514
Received Received - Intake

Plaintext Password Exposure in Frogman PBX via API

Vulnerability report for CVE-2026-46514, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, fm_reset_password in Tools/ResetPassword.php:48-53 returned a plaintext password and fm_add_extension in Tools/AddExtension.php:172 returned a plaintext secret; Frogman.class.php:2207-2211 used auditOutcome to JSON-encode those responses into oc_audit_log.detail, allowing any PERM_READ caller with access to fm_audit_search to recover the stored credentials. This issue is fixed in version 1.6.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
mwtcmi frogman to 1.6.0 (inc)
mwtcmi frogman 1.6.2
mwtcmi frogman 1.6.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-46514 is a vulnerability in the Frogman software where plaintext passwords and secrets are logged in the audit log. Functions like fm_reset_password and fm_add_extension return sensitive data which is then stored in oc_audit_log.detail. Users with PERM_READ access can retrieve these credentials from the audit log, allowing unauthorized access.

Detection Guidance

Check the oc_audit_log table in your database for plaintext passwords or secrets in the detail field. Use SQL queries like SELECT * FROM oc_audit_log WHERE detail LIKE '%password%' OR detail LIKE '%secret%'; to identify exposed credentials.

Impact Analysis

An attacker with read-only access can exploit this to extract plaintext admin passwords or extension secrets from the audit log. This allows them to log in as an admin or gain unauthorized access to sensitive systems. The impact includes potential data breaches and unauthorized system control.

Compliance Impact

This vulnerability likely violates GDPR and HIPAA due to unauthorized access to sensitive personal data (passwords, secrets) stored in plaintext logs. It compromises data confidentiality and integrity, leading to potential non-compliance with privacy and security requirements.

Mitigation Strategies

Upgrade to Frogman version 1.6.2 or later. Backup the oc_audit_log table before upgrading if historical data is critical. Avoid using fm_reset_password with non-admin tokens as a temporary workaround.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46514. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart