CVE-2026-29199 - phpBB Host Header Injection Vulnerability
CVE ID :CVE-2026-29199 Published : May 4, 2026, 7:15 a.m. | 53 minutes ago Description :phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host header
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] “Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security
- [CYBER] CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks
- [CYBER] Another breach just hit Canvas (Instructure), and this one is worth a closer look.
- [CYBER] Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
- [CYBER] New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks
- [CYBER] DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks