CVE-2026-34828

HIGH

listmonk: Active sessions remain valid after password reset and password change

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-34828. PoCs published by 0xmrma.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2026-34828, a session persistence vulnerability in listmonk where authenticated sessions remain valid after password resets or changes. The writeup includes root cause analysis, code paths, and proof-of-concept validation steps.

Description

listmonk is a standalone, self-hosted newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and password change. As a result, an attacker who has already obtained a valid session cookie retains access to the account even after the victim changes or resets their password. This weakens the account recovery and session security guarantees. This issue has been patched in version 6.1.0.
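The defect described above is CWE-613 (insufficient session expiration): the session store never learns that the password it was issued under has been replaced. The Go program below is an added illustration of the expected fix pattern and is hypothetical code written for this page, not listmonk's own implementation or its 6.1.0 patch. It assumes an in-memory store (`Store`, `User`, `Session` and the `PasswordGen` counter are all constructed names) and shows two complementary layers: deleting a user's sessions when the password changes, and stamping each session with the password generation it was issued under so that even a session that survived deletion (for example one held in a store that cannot be enumerated) is refused.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

// Hypothetical in-memory account and session model; not listmonk's code.
// The hardening for CWE-613 is PasswordGen: a counter that increments on every
// password change or reset. A session is stamped with the counter value at
// login and is refused once the user's counter has moved on, so a cookie
// issued before the change stops working even if it was never deleted.
// A "password changed at" timestamp serves the same purpose; a counter avoids
// clock-resolution trouble when a reset and a login fall in the same instant.
type User struct {
	ID           int
	PasswordHash string // stands in for a real bcrypt/argon2 hash
	PasswordGen  uint64
}

type Session struct {
	UserID      int
	PasswordGen uint64 // the user's PasswordGen when this session was issued
}

var ErrInvalidSession = errors.New("session invalid or revoked")

type Store struct {
	mu       sync.Mutex
	users    map[int]*User
	sessions map[string]Session // token -> session
}

func NewStore() *Store {
	return &Store{users: map[int]*User{}, sessions: map[string]Session{}}
}

func (s *Store) AddUser(id int, hash string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.users[id] = &User{ID: id, PasswordHash: hash, PasswordGen: 1}
}

// Login issues a random token bound to the user's current PasswordGen.
func (s *Store) Login(userID int) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	u, ok := s.users[userID]
	if !ok {
		return "", errors.New("no such user")
	}
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	token := hex.EncodeToString(buf)
	s.sessions[token] = Session{UserID: userID, PasswordGen: u.PasswordGen}
	return token, nil
}

// ChangePassword is the fix. It stores the new hash, bumps PasswordGen and
// deletes every stored session for the user. Deleting covers server-side
// stores that can be enumerated; the counter check in Authenticate also covers
// stores that cannot. A password-reset flow must call the same function.
func (s *Store) ChangePassword(userID int, newHash string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	u, ok := s.users[userID]
	if !ok {
		return errors.New("no such user")
	}
	u.PasswordHash = newHash
	u.PasswordGen++
	for tok, sess := range s.sessions { // deleting during range is safe in Go
		if sess.UserID == userID {
			delete(s.sessions, tok)
		}
	}
	return nil
}

// Authenticate resolves a token to its user, refusing sessions issued under an
// earlier password generation.
func (s *Store) Authenticate(token string) (*User, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[token]
	if !ok {
		return nil, ErrInvalidSession
	}
	u, ok := s.users[sess.UserID]
	if !ok {
		return nil, ErrInvalidSession
	}
	if sess.PasswordGen != u.PasswordGen {
		delete(s.sessions, token) // stale: drop it so a retry fails fast
		return nil, ErrInvalidSession
	}
	return u, nil
}

func main() {
	s := NewStore()
	s.AddUser(1, "hash-v1")
	tok, _ := s.Login(1)
	_, err := s.Authenticate(tok)
	fmt.Println("before password change:", err)
	_ = s.ChangePassword(1, "hash-v2")
	_, err = s.Authenticate(tok)
	fmt.Println("after password change:", err)
}
```

When auditing an application for this class of bug, the check is the one `Authenticate` performs: a session created before the most recent password change or reset must fail, regardless of whether the change and the login happened on the same host or through different code paths (self-service change versus e-mailed reset link).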

Exploits (1)

nomisec WRITEUP · 1 star
by 0xmrma · poc
https://github.com/0xmrma/CVE-2026-34828

Classification: Writeup (100%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: listmonk
Auth required: yes
Prerequisites: valid authenticated session cookie · access to password reset or change functionality
Analyzed by devstral-2 · Apr 28, 2026

Scores

CVSS v3: 7.1
EPSS: 0.0002
EPSS Percentile: 4.0%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-613
Status: published
Products (3):
knadh/listmonk 1.1.1-0.20241028090858-319053dd7a90 - 1.1.1-0.20260329113754-1b5e8d38c778 (Go)
knadh/listmonk >= 4.1.0, < 6.1.0
nadh/listmonk 4.1.0 - 6.1.0
Published: Apr 02, 2026
Tracked Since: Apr 02, 2026