CVE-2026-46513 in frogmanالمعلومات

الملخص

بحسب MITRE • 16/07/2026

Frogman provides headless PBX control through MCP and HTTP API. Prior to 1.6.2, Frogman stored API tokens generated by Tools/CreateApiToken.php:33-36 as raw bin2hex(random_bytes(32)) strings in oc_api_tokens, and Frogman.class.php:78 authenticated the X-Frogman-Token header by comparing it with the stored raw value, allowing database read access to recover reusable active tokens at their assigned permission level, including admin. This issue is fixed in version 1.6.2.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

مسؤول

GitHub M

حجز

14/05/2026

إفشاء

16/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-379607

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!