Vulnerability Database

323,735

Total vulnerabilities in the database

CVE-2026-26744

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are registered in the system through observable response discrepancy.

Published: Feb 19, 2026
Updated: Feb 20, 2026
CVE: CVE-2026-26744
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://github.com/formalms/formalms.git
https://github.com/lorenzobruno7/CVE-2026-26744

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo