Sub2API Password Reset Link Hijacking in Versions Prior to 0.1.85

CVE-2026-27812
Summary

Sub2API versions before 0.1.85 build the password reset link sent to the user from request headers the client controls (the Host header and forwarded-host headers) rather than from a configured public URL. An attacker who requests a password reset for a victim's email address while supplying their own domain in those headers causes the victim to receive a reset link pointing at the attacker's server; if the victim clicks it, the reset token is delivered to the attacker, who can then set a new password and take over the account. All users of Sub2API versions before 0.1.85 are affected. Update to version 0.1.85 or later; if that is not immediately possible, disable the "forgot password" feature until the update can be applied.

What to do

Upgrade to Sub2API version 0.1.85 or later, which contains the fix. If an upgrade is not immediately possible, disable the "forgot password" feature so that the affected endpoint cannot be reached until you can upgrade.

Affected software
Vendor    Product   Affected versions   Fix available
sub2api   sub2api   < 0.1.85            0.1.85
Original title
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Hea...
Original description
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Header / Forwarded Header trust issue), which allows attackers to manipulate the password reset link. Attackers can exploit this flaw to inject their own domain into the password reset link, leading to the potential for account takeover. The vulnerability has been fixed in version v0.1.85. If upgrading is not immediately possible, users can mitigate the vulnerability by disabling the "forgot password" feature until an upgrade to a patched version can be performed. This will prevent attackers from exploiting the vulnerability via the affected endpoint.
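The pattern the description refers to, shown as an added example that is not Sub2API's own code. The vulnerable builder mirrors what the advisory describes (the link's origin taken from Host / X-Forwarded-Host / X-Forwarded-Proto); the hardened builder takes the origin only from an operator-configured public base URL and adds a Host allow-check as defense in depth. All function and type names, the base URL, the route path and the request shape are assumptions for illustration, not Sub2API identifiers:

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// buildResetLinkVulnerable derives the link's scheme and host from headers the
// client controls. This is the Password Reset Poisoning pattern: an attacker who
// requests a reset for a victim's address with Host: attacker.example receives
// the victim's token when the victim clicks the emailed link.
// (Constructed example, not Sub2API's code.)
func buildResetLinkVulnerable(r *http.Request, token string) string {
	host := r.Host
	if fwd := r.Header.Get("X-Forwarded-Host"); fwd != "" {
		host = fwd // intended for reverse proxies, but attacker-settable when nothing strips it
	}
	scheme := "https"
	if p := r.Header.Get("X-Forwarded-Proto"); p != "" {
		scheme = p
	}
	return fmt.Sprintf("%s://%s/reset-password?token=%s", scheme, host, url.QueryEscape(token))
}

// ResetLinkBuilder holds the operator-configured public base URL. Links are
// built from it and never from the inbound request. (Assumed design.)
type ResetLinkBuilder struct {
	base *url.URL
}

// NewResetLinkBuilder rejects anything that is not an absolute URL, so a
// misconfigured empty or relative value cannot silently fall back to headers.
func NewResetLinkBuilder(publicBaseURL string) (*ResetLinkBuilder, error) {
	u, err := url.Parse(publicBaseURL)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return nil, fmt.Errorf("public base URL must be absolute: %q", publicBaseURL)
	}
	return &ResetLinkBuilder{base: u}, nil
}

// Build ignores the request entirely; only the token varies per call.
func (b *ResetLinkBuilder) Build(token string) string {
	u := *b.base
	u.Path = strings.TrimSuffix(u.Path, "/") + "/reset-password"
	u.RawQuery = url.Values{"token": {token}}.Encode()
	return u.String()
}

// HostAllowed is a defense-in-depth check: a request whose Host header is not
// the configured public host is refused before the reset flow runs.
func (b *ResetLinkBuilder) HostAllowed(r *http.Request) bool {
	return strings.EqualFold(r.Host, b.base.Host)
}

func main() {
	// Constructed attacker request: victim's email would be in the body,
	// attacker's domain is in the Host header.
	req, _ := http.NewRequest("POST", "/api/auth/forgot-password", nil)
	req.Host = "attacker.example"
	req.Header.Set("X-Forwarded-Proto", "http")
	token := "a1b2c3" // placeholder token value

	fmt.Println("vulnerable:", buildResetLinkVulnerable(req, token))
	b, err := NewResetLinkBuilder("https://sub2api.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Println("hardened:  ", b.Build(token))
	fmt.Println("host ok:   ", b.HostAllowed(req))
}
```

Run as-is to see the poisoned link (http://attacker.example/...) beside the fixed one. Disabling the "forgot password" endpoint, as the advisory suggests for unpatched deployments, removes the only code path that calls a builder of this kind; the Host allow-check alone is not a substitute for building the link from configuration, because a reverse proxy may rewrite Host before the application sees it.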
NVD CVSS 3.1: 9.1 (Critical)
NVD CVSS 4.0: 8.0 (High)
Vulnerability type
CWE-116: Improper Encoding or Escaping of Output
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026