EIP-2026-104359

PRE-CVE

NodeBB Forum 1.12.2-1.14.2 - Account Takeover

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104359. PoCs published by Muhammed Eren Uygun.

AI-analyzed exploit summary This exploit demonstrates an account takeover vulnerability in NodeBB Forum versions 1.12.2 to 1.14.2. By manipulating the `uid` parameter in a socket.io call, an attacker can change the password of any user, including the admin.

Description

NodeBB Forum 1.12.2-1.14.2 - Account Takeover

Exploits (1)

exploitdb WORKING POC

by Muhammed Eren Uygun · textwebappsmultiple

https://www.exploit-db.com/exploits/48875

View Code ZIP pw:eip

This exploit demonstrates an account takeover vulnerability in NodeBB Forum versions 1.12.2 to 1.14.2. By manipulating the `uid` parameter in a socket.io call, an attacker can change the password of any user, including the admin.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: NodeBB Forum 1.12.2-1.14.2

Auth required

Prerequisites: Valid user account · Access to password change functionality

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026