Primary

Context

PEAR Predictable Verification Hash Vulnerability in Election Account Requests Authorization Bypass

Vulnerability

Patched

A vulnerability exists in PEAR versions prior to 1.33.0, where predictable verification hashes can be exploited to guess verification tokens. This may allow attackers to verify election account requests without proper authorization. The issue arises because the verification hash is derived from predictable inputs using MD5, creating a window of opportunity for exploitation.

Impact

Exploitation of this vulnerability could lead to unauthorized verification of election account requests, bypassing normal authorization processes.

Remediation

Users can upgrade to PEAR version 1.33.0 or later to address this vulnerability.

Added: Feb 3, 2026, 7:33 PM

Updated: Feb 3, 2026, 7:33 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PEAR Predictable Verification Hash Vulnerability in Election Account Requests Authorization Bypass

Vulnerability

Impact

Remediation

Affected Products

PEAR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating