CVE-2026-25235

Source
https://cve.org/CVERecord?id=CVE-2026-25235
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25235.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25235
Aliases
  • GHSA-477r-4cmw-3cgf
Downstream
Published
2026-02-03T18:29:39.698Z
Modified
2026-02-06T22:20:11.350522Z
Severity
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
PEAR Has a Predictable Verification Hash in Election Account Requests
Details

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25235.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-337"
    ]
}
References

Affected packages

Git / github.com/pear/pearweb

Affected ranges

Type
GIT
Repo
https://github.com/pear/pearweb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

pearweb-1.*
pearweb-1.25.0
pearweb-1.26.1
pearweb-1.27.0
pearweb-1.28.1
pearweb-1.29.0
pearweb-1.32.0
pearweb_index-1.*
pearweb_index-1.22.2
pearweb_index-1.23.1
pearweb_index-1.24.0
pearweb_manual-1.*
pearweb_manual-1.2.3
pearweb_manual-1.3.0
v1.*
v1.27.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25235.json"