CVE-2026-1213

MEDIUM

askbot <= 0.12.2 - Authenticated Profile Picture Modification

Title source: llm

Description

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.

References (3)

Core 3

Core References

Various Sources third-party-advisory

https://fluidattacks.com/advisories/ghost

Patch patch

https://github.com/ASKBOT/askbot-devel/commit/3da3d75f35204aa71633c7a315327ba39cb6295d

View Patch ZIP pw:eip

Various Sources product

https://askbot.com/

Scores

CVSS v3 4.3

EPSS 0.0032

EPSS Percentile 23.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (3)

askbot/askbot < 0.12.2

askbot/askbot 0.12.2

pypi/askbot 0 - 0.12.3PyPI

Published Jan 27, 2026

Tracked Since Feb 18, 2026