blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken() queries only for a matching email + passwordreset token pair — it does not check whether the passwordreset_at timestamp has elapsed any maximum window. A generated reset token is valid indefinitely until it is explicitly consumed or overwritten by a subsequent reset request. This vulnerability is fixed in 4.2.0.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40585.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-640"
]
}