CNNVD-202602-2061 Information
CNNVD ID
CNNVD-202602-2061
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
Directus是Directus开源的一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 11.14.1之前版本存在安全漏洞,该漏洞源于密码重置功能中存在基于时间的用户枚举漏洞,可能导致可靠地枚举用户。
Description (English)
Directus is a real-time Api and application dashboard from Directus open source. To manage Sql database content. Prior to Directus 11.14.1, there was a security loophole, which stemmed from the time-based user-opening gap in the password-replacement function, which could lead to a reliable user count.
Vulnerability Type
其他
Affected Vendor
Directus
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/directus/directus/commit/e69aa7a5248c6e3e822cb1ac354dee295df90b2a https://github.com/directus/directus/pull/26485 https://github.com/directus/directus/releases/tag/v11.14.1 https://github.com/directus/directus/security/advisories/GHSA-jr94-gj3h-c8rf
Patch
https://github.com/directus/directus/releases
Share on: