CVE-2026-35507

Published April 3rd, 2026

View on NVD ↗

CVSS v3

6.4

MEDIUM

CVSS v2

N/A

Affected

1

PROJECT

Description

Shynet before 0.14.0 allows Host header injection in the password reset flow.

milesmcc/shynet

Modern, privacy-friendly, and detailed web analytics that works without cookies or JS.

GitHub

3.14K