REPRO-2026-00095 CRITICAL RCE Verified

Known CMS: Account Takeover via Password Reset Token Leakage

idno/known (composer) Feb 19, 2026

Open in Codespaces Download Script

Confidence HIGH

Reproduced in 17m 40s

Tool calls 103

Affected <= 1.6.2

Fixed in 1.6.3

What's the vulnerability?

A Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox.

Root Cause Analysis

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00095

or pruva-verify GHSA-78wq-6gcv-w28r

or pruva-verify CVE-2026-26273

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00095/artifacts/repro/reproduction_steps.sh

2

Make executable

chmod +x reproduction_steps.sh

3

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

repro/reproduction_steps.sh8.6 KB

repro/rca_report.md6.7 KB

bundle/ticket.json9.7 KB

bundle/ticket.md3.4 KB

bundle/source.json5.7 KB

logs/post_variant_test.php0.3 KB

logs/webserver.log52.2 KB

logs/reset_page.html0.0 KB

logs/console_password.txt0.0 KB

logs/api_password_files.txt0.1 KB

logs/cookies.txt0.1 KB

logs/similar_patterns.txt0.3 KB

logs/variant_summary.txt1.6 KB

logs/homepage.html0.0 KB

logs/admin_cookies.txt0.1 KB

logs/template_leaks.txt1.1 KB

logs/email_lookup.txt0.3 KB