Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

apnotic

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2026-41308
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.17%
||
7 Day CHG+0.01%
Published-08 May, 2026 | 14:30
Updated-05 Jun, 2026 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication

Password Pusher is an open source application to communicate sensitive information over the web. Prior to versions 1.69.3 and 2.4.2, a security issue in OSS PasswordPusher allowed unauthenticated creation of file-type pushes through a generic JSON API create path under certain configurations. This could bypass the intended authentication boundary for file push creation. This issue has been patched in versions 1.69.3 and 2.4.2.

Action-Not Available
Vendor-apnoticpglombardo
Product-password_pusherPasswordPusher
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel