A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are registered in the system through observable response discrepancy.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Formalms |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Formalms |
|
References
History
Fri, 20 Feb 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Formalms
Formalms formalms |
|
| Vendors & Products |
Formalms
Formalms formalms |
Thu, 19 Feb 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are registered in the system through observable response discrepancy. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-02-19T21:20:57.987Z
Reserved: 2026-02-16T00:00:00.000Z
Link: CVE-2026-26744
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2026-02-19T22:16:47.627
Modified: 2026-02-20T13:49:47.623
Link: CVE-2026-26744
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-02-20T10:11:32Z