CVE-2026-48902

EUVD-2026-31878
The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H