EUVD-2026-9876

🗓️ 05 Mar 2026 21:18:03Reported by EUVDType

Hexpm password reset tokens never expire, risking account takeover if leaked email copies are used.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-21622	5 Mar 202621:18	–	attackerkb
Circl	CVE-2026-21622	5 Mar 202622:23	–	circl
CNNVD	Hexpm 安全漏洞	5 Mar 202600:00	–	cnnvd
CVE	CVE-2026-21622	5 Mar 202621:18	–	cve
Cvelist	CVE-2026-21622 Password Reset Tokens Do Not Expire	5 Mar 202621:18	–	cvelist
NVD	CVE-2026-21622	5 Mar 202622:16	–	nvd
OSV	CVE-2026-21622	5 Mar 202622:16	–	osv
OSV	EEF-CVE-2026-21622 Password Reset Tokens Do Not Expire	5 Mar 202621:18	–	osv
Positive Technologies	PT-2026-23515	5 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-21622	7 Mar 202601:44	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "c7b2500e-6f2f-30b7-b072-3209a2ef1fd1",
        "vendor": {
          "name": "hexpm"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3edb4fd6-bed0-3d2c-8643-0f3568355992",
        "product": {
          "name": "hexpm"
        },
        "product_version": "617e44c71f1dd9043870205f371d375c5c4d886d <bb0e42091995945deef10556f58d046a52eb7884"
      },
      {
        "id": "a63dac19-1817-3e6e-94ca-e9d86c9ceb48",
        "product": {
          "name": "hexpm"
        },
        "product_version": "pkg:github/hexpm/hexpm@617e44c71f1dd9043870205f371d375c5c4d886d <pkg:github/hexpm/hexpm@bb0e42091995945deef10556f58d046a52eb7884"
      },
      {
        "id": "f52373b5-cd24-3c67-a5bd-1ca44d26ed59",
        "product": {
          "name": "hex.pm"
        },
        "product_version": "2025-08-01 <2026-03-05"
      }
    ]
  }
]

Source	Link
github	www.github.com/hexpm/hexpm/security/advisories/GHSA-6r94-pvwf-mxqm
github	www.github.com/hexpm/hexpm/commit/bb0e42091995945deef10556f58d046a52eb7884

05 Mar 2026 21:18Current

6Medium risk

Vulners AI Score6

CVSS 49.5

EPSS0.0039