{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-35507", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-03T01:00:34.056Z", "datePublished": "2026-04-03T01:00:35.019Z", "dateUpdated": "2026-04-03T13:21:46.817Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Shynet", "vendor": "milesmcc", "versions": [{"lessThan": "0.14.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "Shynet before 0.14.0 allows Host header injection in the password reset flow."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-348", "description": "CWE-348 Use of Less Trusted Source", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T01:00:35.019Z"}, "references": [{"url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0"}, {"url": "https://github.com/milesmcc/shynet/pull/345"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T13:21:40.595240Z", "id": "CVE-2026-35507", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:21:46.817Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-35507", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T13:21:40.595240Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:21:43.691Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "milesmcc", "product": "Shynet", "versions": [{"status": "affected", "version": "0", "lessThan": "0.14.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0"}, {"url": "https://github.com/milesmcc/shynet/pull/345"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "Shynet before 0.14.0 allows Host header injection in the password reset flow."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-348", "description": "CWE-348 Use of Less Trusted Source"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-03T01:00:35.019Z"}}}, "cveMetadata": {"cveId": "CVE-2026-35507", "state": "PUBLISHED", "dateUpdated": "2026-04-03T13:21:46.817Z", "dateReserved": "2026-04-03T01:00:34.056Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-03T01:00:35.019Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Shynet before 0.14.0 allows Host header injection in the password reset flow."}], "id": "CVE-2026-35507", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2026-04-03T02:16:15.170", "references": [{"source": "cve@mitre.org", "url": "https://github.com/milesmcc/shynet/pull/345"}, {"source": "cve@mitre.org", "url": "https://github.com/milesmcc/shynet/releases/tag/v0.14.0"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-348"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.14.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Shynet", "source": "cna", "vendor": "milesmcc"}, "product": "shynet", "vendor": "milesmcc"}], "analysis": {"en": {"generated_at": "2026-04-03T03:21:04.140567+00:00", "value": {"mitigation_remediation": ["Update Shynet to version 0.14.0 or later.", "If upgrading is not immediately possible, restrict the Host header to the expected value by configuring a reverse proxy or application firewall to reject requests with mismatched Host headers."], "summary": {"action": "Apply Patch", "impact": "Host Header Injection"}, "threat_synthesis": {"affected_systems": "The affected software is Shynet, provided by milesmcc. All installations running any version earlier than 0.14.0 are impacted, because the bug was fixed in the 0.14.0 release. No specific patch-level information is available beyond the release distinction.", "description_and_impact": "The vulnerability occurs in Shynet versions prior to 0.14.0 where the application accepts an arbitrary Host header during the password reset flow. Attackers can alter the Host header to manipulate the domain included in password reset links, enabling malicious redirects or phishing attacks. The weakness is classified as Host Header Injection, which can lead to tampered URLs sent to users, thereby undermining assurance of legitimate authentication flows and potentially deceiving users into revealing credentials or installing malware.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a medium severity vulnerability. The exploitability is low to moderate, as it requires an attacker to trick a legitimate user into clicking a password reset link that contains a modified Host header. Because EPSS is not available and the vulnerability is not listed in the CISA KEV catalog, it is not known to be actively exploited in the wild; however, the potential for social engineering means non\u2011technical users could be compromised if they trust generated links."}}}}, "created": "2026-04-03T07:31:15.576351+00:00", "title": "Host Header Injection in Shynet Password Reset Flow", "updated": "2026-04-03T09:16:03.530624+00:00", "vendors": ["milesmcc", "milesmcc$PRODUCT$shynet"]}