eLabFTW Multi-Factor Authentication Bypass Vulnerability

Vulnerability

A vulnerability in eLabFTW, an open-source electronic lab notebook, allows multi-factor authentication (MFA) to be bypassed under certain conditions. In versions through 5.4.1, the login flow did not consistently maintain MFA state across the successive steps of authentication, so the second step did not reliably verify the code against the secret enrolled for the account whose password had just been checked. An attacker who already holds a user's valid primary credentials could therefore complete the login by supplying a manipulated TOTP secret, circumventing the second factor and gaining unauthorized access to the account.
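To make the failure mode concrete, the following is an added illustrative model written for this page; it is not eLabFTW's code and does not reproduce the project's actual login handlers. It contrasts a two-step login that carries the TOTP secret through request parameters (so a client-supplied `mfa_secret` is trusted and the "password already verified" state is never checked) with a version that keeps the pending-MFA state and the secret strictly server-side. The account data, the function names and the `request`/`session` dictionaries are all constructed for the example.

```python
"""Illustrative two-step login model (constructed example, not eLabFTW code).

Shows why MFA state must live server-side: the vulnerable handler lets the
second step use a TOTP secret supplied by the client, so anyone holding the
password can pass MFA with a secret (and matching code) of their own choosing.
"""
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP over the current 30-second window."""
    return hotp(secret, unix_time // step)


# Constructed sample account. A real system stores a password hash; the
# plaintext password is kept only so the model stays short.
USERS = {
    "alice": {
        "password": "correct horse battery staple",
        "mfa_secret": base64.b32decode("JBSWY3DPEHPK3PXP"),
    }
}


def check_password(user, password) -> bool:
    acct = USERS.get(user)
    return acct is not None and hmac.compare_digest(acct["password"], password or "")


def vulnerable_login(session: dict, step: int, request: dict, now: int) -> str:
    """Step 1 checks the password; step 2 verifies the code against a secret
    taken from the request if present, falling back to the session. Nothing
    ties step 2 to a step 1 that succeeded in this session."""
    if step == 1:
        if not check_password(request.get("user"), request.get("password")):
            return "denied"
        session["user"] = request["user"]
        session["mfa_secret"] = USERS[request["user"]]["mfa_secret"]
        return "mfa_required"
    # BUG: client-controlled secret takes precedence over server-side state.
    secret = request.get("mfa_secret") or session.get("mfa_secret") or b""
    if hmac.compare_digest(totp(secret, now), request.get("code", "")):
        session["authenticated"] = True
        return "ok"
    return "denied"


def secure_login(session: dict, step: int, request: dict, now: int) -> str:
    """Step 1 records a server-side 'mfa_pending' stage; step 2 requires that
    stage and reads the secret only from the server-side user record."""
    if step == 1:
        if not check_password(request.get("user"), request.get("password")):
            return "denied"
        session.clear()  # drop any stale state from an earlier attempt
        session["user"] = request["user"]
        session["stage"] = "mfa_pending"
        return "mfa_required"
    if session.get("stage") != "mfa_pending":
        return "denied"  # step 1 never succeeded in this session
    secret = USERS[session["user"]]["mfa_secret"]  # request["mfa_secret"] is ignored
    if hmac.compare_digest(totp(secret, now), request.get("code", "")):
        session["stage"] = "authenticated"
        return "ok"
    return "denied"


def demo(now: int = 1_700_000_000) -> dict:
    """Run an attacker holding alice's password against both handlers."""
    creds = {"user": "alice", "password": USERS["alice"]["password"]}
    attacker_secret = b"attacker-chosen secret"
    attack = {"mfa_secret": attacker_secret, "code": totp(attacker_secret, now)}
    genuine = {"code": totp(USERS["alice"]["mfa_secret"], now)}

    vuln = {}
    vulnerable_login(vuln, 1, creds, now)
    results = {"vulnerable_attack": vulnerable_login(vuln, 2, attack, now)}

    sec = {}
    secure_login(sec, 1, creds, now)
    results["secure_attack"] = secure_login(sec, 2, attack, now)
    results["secure_genuine"] = secure_login(sec, 2, genuine, now)
    results["secure_skip_step1"] = secure_login({}, 2, genuine, now)
    return results


if __name__ == "__main__":
    print(demo())
```

The two properties the hardened handler enforces are the ones the advisory implies were missing: the secret used for verification comes only from the server-side account record, and the second step refuses to run unless the same session passed the first step.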

Impact

Successful exploitation gives an attacker who has obtained a user's password full access to that account. The second factor, whose purpose is to protect against exactly that credential compromise, is bypassed, so accounts relying on MFA offer no more protection than password-only accounts on affected versions.

Remediation

Users are advised to upgrade to eLabFTW version 5.4.2 or later. Until the upgrade is applied, rotate the passwords of affected accounts (since MFA cannot be relied on to contain a leaked password on vulnerable versions) and monitor authentication events closely for logins that complete the MFA step from unexpected sources.

Added: May 5, 2026, 1:23 PM
Updated: May 5, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm

spread          3.1
impact          1.3
exploitability  7.3
remediation     7.9
relevance       7.5
threat          3.2
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.