{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35507", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-03T01:00:34.056Z", "datePublished": "2026-04-03T01:00:35.019Z", "dateUpdated": "2026-04-03T13:21:46.817Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Shynet", "vendor": "milesmcc", "versions": [{"lessThan": "0.14.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Shynet before 0.14.0 allows Host header injection in the password reset flow."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-348", "description": "CWE-348 Use of Less Trusted Source", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T01:00:35.019Z"}, "references": [{"url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0"}, {"url": "https://github.com/milesmcc/shynet/pull/345"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T13:21:40.595240Z", "id": "CVE-2026-35507", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:21:46.817Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35507", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T13:21:40.595240Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:21:43.691Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "milesmcc", "product": "Shynet", "versions": [{"status": "affected", "version": "0", "lessThan": "0.14.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0"}, {"url": "https://github.com/milesmcc/shynet/pull/345"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "Shynet before 0.14.0 allows Host header injection in the password reset flow."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-348", "description": "CWE-348 Use of Less Trusted Source"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T01:00:35.019Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35507", "state": "PUBLISHED", "dateUpdated": "2026-04-03T13:21:46.817Z", "dateReserved": "2026-04-03T01:00:34.056Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-03T01:00:35.019Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shynet:shynet:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EA534A1-DEA7-4340-828F-006D2762A2E1", "versionEndIncluding": "0.13.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Shynet before 0.14.0 allows Host header injection in the password reset flow."}], "id": "CVE-2026-35507", "lastModified": "2026-04-10T02:01:43.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-03T02:16:15.170", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/milesmcc/shynet/pull/345"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-348"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.14.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Shynet", "source": "cna", "vendor": "milesmcc"}, "product": "shynet", "vendor": "milesmcc"}], "analysis": {"en": {"generated_at": "2026-04-10T04:22:44.904785+00:00", "value": {"mitigation_remediation": ["Upgrade Shynet to version 0.14.0 or later", "If an upgrade cannot be performed immediately, configure the web server or reverse proxy to restrict the Host header to trusted hostnames only", "After updating, verify that the application no longer uses the Host header when building reset URLs"], "summary": {"action": "Patch Now", "impact": "Host header injection"}, "threat_synthesis": {"affected_systems": "The affected product is Shynet from milesmcc. Any installation running a version older than 0.14.0 is vulnerable. The issue was fixed in release 0.14.0.", "description_and_impact": "Shynet versions before 0.14.0 allow a host header injection during the password reset process. The application uses the value of the Host header to construct reset emails, enabling an attacker to supply a malicious host that causes reset links to point to a forged domain, potentially leading to credential theft or phishing.", "risk_and_exploitability": "The severity is moderate. Exploitation probability is low, estimated below 1%. The flaw is not listed in the CISA KEV catalog. An attacker would need only to send a crafted request to the password reset endpoint from an external network, providing a malicious Host header value."}}}}, "created": "2026-04-03T07:31:15.576351+00:00", "updated": "2026-04-10T09:45:40.472681+00:00", "vendors": ["milesmcc", "milesmcc$PRODUCT$shynet"]}