ByteOS Network

NVD Vulnerability Details :

CVE-2026-44196

Deferred

Source-security-advisories@github.com

Published At-12 May, 2026 | 18:17

Updated At-13 May, 2026 | 18:21

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication (TOTP) requirement entirely. Although, an attacker still needs the user's password to reach this stage. This vulnerability is fixed in 1.16.3.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 9.1

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-287	Primary	security-advisories@github.com
CWE-697	Primary	security-advisories@github.com

CWE ID: CWE-287

Type: Primary

Source: security-advisories@github.com

CWE ID: CWE-697

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/smp46/pingvin-share-x/security/advisories/GHSA-j679-vp39-qwqq	security-advisories@github.com	N/A

Hyperlink: https://github.com/smp46/pingvin-share-x/security/advisories/GHSA-j679-vp39-qwqq

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History