Packagist (Composer) package
ralffreit/mfa-email
pkg:composer/ralffreit/mfa-email
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4208 | Hig | 8.8 | < 1.0.7 | 1.0.7 | Mar 17, 2026 | The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider. |
- affected < 1.0.7fixed 1.0.7
The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider.