Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

mfa_mail

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2026-4208
Assigner-f4fb688c-4412-4426-b4b8-421ecf27b14a
ShareView Details
Assigner-f4fb688c-4412-4426-b4b8-421ecf27b14a
CVSS Score-7.7||HIGH
EPSS-0.07% / 21.61%
||
7 Day CHG~0.00%
Published-17 Mar, 2026 | 08:34
Updated-25 Apr, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)

The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider.

Action-Not Available
Vendor-mrsilazTYPO3 Association
Product-mfa_mailExtension "E-Mail MFA Provider"
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key