8.6
EventSentry Web Reports Password Change Allows Unauthorized Access
CVE-2026-24443
Summary
Older versions of EventSentry have a security weakness in the password change feature of the Web Reports interface: a new password can be set without entering the current one. An attacker who gains temporary access to a logged-in session can therefore change the password and keep control of the account. To fix this, update to version 6.0.1.20 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| netikus | eventsentry | <= 6.0.1.20 | – |
Original title
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does n...
Original description
EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who gains temporary access to an authenticated user session can change the account password without knowledge of the original credentials. This enables persistent account takeover and, if administrative accounts are affected, may result in privilege escalation.
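The weakness class described above (CWE-620), shown as an added example that is not EventSentry's code: a password change that trusts the session alone, next to one that re-verifies the current password. The `AccountStore` class, its method names, and the in-memory storage are hypothetical; revoking sessions after a change is an extra hardening step assumed here, not something the advisory states.

```python
import hashlib, hmac, os, secrets

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class AccountStore:
    """Hypothetical in-memory account store; every name here is illustrative."""

    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.sessions = {}  # session token -> username

    def _set(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def _check(self, username, password):
        # Unknown users fall through to a dummy record so the hash still runs.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def create_user(self, username, password):
        self._set(username, password)

    def login(self, username, password):
        if not self._check(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def change_password_unverified(self, token, new_password):
        # CWE-620 pattern: a valid session is the only requirement, so anyone
        # holding the session can replace the credential.
        username = self.sessions.get(token)
        if username is None:
            return False
        self._set(username, new_password)
        return True

    def change_password_verified(self, token, current_password, new_password):
        # Hardened form: the caller must also prove knowledge of the current
        # password before the credential is replaced.
        username = self.sessions.get(token)
        if username is None or not self._check(username, current_password):
            return False
        self._set(username, new_password)
        # Assumed extra step: revoke all sessions for the account.
        for t in [t for t, u in self.sessions.items() if u == username]:
            del self.sessions[t]
        return True
```
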
nvd CVSS3.1
8.8
nvd CVSS4.0
8.6
Vulnerability type
CWE-620
- https://www.eventsentry.com/downloads/version-history Release Notes
- https://www.vulncheck.com/advisories/eventsentry-web-reports-unverified-password... VDB Entry Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026