Shynet Host Header Injection Vulnerability in Password Reset Flow
Vulnerability
A Host header injection vulnerability has been identified in Shynet versions prior to 0.14.0, specifically within the password reset process. The issue allows manipulation of the Host header, potentially leading to unauthorized actions or information disclosure.
Impact
An attacker who exploits this vulnerability can manipulate the Host header in requests, which could be used to conduct attacks such as password reset poisoning.
Remediation
Users can upgrade to Shynet version 0.14.0 or later to address this vulnerability. The updated version is available on the Shynet GitHub releases page.
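For operators who want to see the general defence against password reset poisoning, the following added example (not Shynet's code, and not a description of the 0.14.0 fix) contrasts a reset-link builder that trusts the Host header with one that checks it against an allow-list and builds the link from configuration. The hostnames, the reset path and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import quote

# Assumed deployment values, constructed for this example (not from Shynet).
ALLOWED_HOSTS = {"analytics.example.com"}
CANONICAL_ORIGIN = "https://analytics.example.com"
RESET_PATH = "/accounts/password/reset/"  # hypothetical route

# host[:port]: a hostname or a bracketed IPv6 literal, nothing else.
_HOST_RE = re.compile(r"([a-z0-9.-]+|\[[0-9a-f:.]+\])(?::\d{1,5})?")


class DisallowedHost(Exception):
    """Raised when the request's Host header is not an expected value."""


def reset_url_unsafe(headers, token):
    # Weak pattern: the origin of the e-mailed link is taken from a
    # client-controlled header, so whoever sends the request chooses
    # where the victim's reset token is delivered.
    return f"https://{headers.get('Host', '')}{RESET_PATH}{token}/"


def validated_host(headers, allowed=ALLOWED_HOSTS):
    """Return the normalised hostname if the Host header is allow-listed."""
    raw = headers.get("Host", "").strip().lower()
    match = _HOST_RE.fullmatch(raw)
    if not match:
        raise DisallowedHost(f"malformed Host header: {raw!r}")
    hostname = match.group(1).rstrip(".")  # tolerate a trailing root dot
    if hostname not in allowed:
        raise DisallowedHost(f"unexpected Host header: {raw!r}")
    return hostname


def reset_url_safe(headers, token):
    # Hardened pattern: refuse unexpected hosts, then build the link from
    # server-side configuration only; the header never reaches the e-mail.
    validated_host(headers)
    return f"{CANONICAL_ORIGIN}{RESET_PATH}{quote(token, safe='')}/"
```

A `DisallowedHost` raised during a reset request is worth logging, since legitimate clients should never send an unexpected Host value.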
