Medium severity5.9NVD Advisory· Published May 5, 2026· Updated May 12, 2026
CVE-2026-28510
CVE-2026-28510
Description
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with an attacker-controlled TOTP secret and bypass the additional factor. This could result in unauthorized account access. This issue is fixed in version 5.4.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
2- github.com/elabftw/elabftw/commit/8b7a575aef128870861187eaa2b2f0f08654ecf9nvdPatch
- github.com/elabftw/elabftw/security/advisories/GHSA-x5wv-c9q4-fj65nvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.