2 matches found
CVE-2026-40585 blueprintUE: Password Reset Tokens Have No Expiry Window
blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...
PT-2026-28346
Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.81.0
Description: Fleet’s password management logic had a flaw that allowed previously issued password reset tokens to remain valid even after a user changed their password. This meant a stale token could be reused to...