CVE-2026-10169

🗓️ 31 May 2026 04:45:06Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 12 Views🌐 WEB

CVE-2026-10169 affects OUSL-GROUP-BrinaryBrains School System via forgot password endpoint enabling remote recovery.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-10169	31 May 202604:45	–	attackerkb
Circl	CVE-2026-10169	31 May 202608:54	–	circl
CNNVD	School Student Management System 授权问题漏洞	31 May 202600:00	–	cnnvd
Cvelist	CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery	31 May 202604:45	–	cvelist
EUVD	EUVD-2026-33489	31 May 202604:45	–	euvd
NVD	CVE-2026-10169	31 May 202605:16	–	nvd
Positive Technologies	PT-2026-45172	31 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-10169	2 Jun 202604:03	–	redhatcve
Vulnrichment	CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery	31 May 202604:45	–	vulnrichment

[
  {
    "vendor": "OUSL-GROUP-BrinaryBrains",
    "product": "School Student Management System",
    "versions": [
      {
        "version": "1e70e5ad1125b86dca4ee086eb6bb121f17708b6",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:ousl-group-brinarybrains:school_student_management_system:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Forgot Password Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/367423/cti
vuldb	www.vuldb.com/submit/819395
github	www.github.com/OUSL-GROUP-BrinaryBrains/School-Student-Management-System/issues/26
vuldb	www.vuldb.com/vuln/367423

Parameter	Position	Path	Description	CWE
email	path	application/controllers/Login.php	Weak password recovery via ajax_forgot_password in Forgot Password Endpoint allowing manipulation of email parameter	CWE-640

17 Jun 2026 10:11Current

5.1Medium risk

Vulners AI Score5.1

CVSS 22.6

CVSS 3.13.7

CVSS 46.3

CVSS 33.7

EPSS0.0028

SSVC

CWE-640