CRITICAL🇵🇱 Wersja polska

CVE-2026-28213

CVSS 9.8v3.1pub. 2026-02-26upd. 2026-02-28

EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns the password reset token. This allows an attacker to take over the associated account. Version 2.1.1 fixes the issue.

🤖 AI Analysis
How it works

An attacker sends a password reset request by providing the target email address of the victim. The server responds with the password reset token in the API response instead of sending it only to the account owner's email address. With this token, the attacker can set a new password and take control of the account. The attack requires no permissions or interaction from the victim's side.

Impact

An attacker can fully take over any user account on the platform, gaining unauthorized access to personal data, order history and administrative panel, as well as modify or delete data.

Mitigation & patch

EverShop should be updated immediately to version 2.1.1, which eliminates the described vulnerability. The patch is available in the vendor's repository: https://github.com/evershopcommerce/evershop/releases/tag/v2.1.1

Who is affected

EverShop (e-commerce platform) in all versions prior to 2.1.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Evershop

    APP
    Evershop
    < 2.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-25993CRITICAL9.3PL ✓ten sam produkt

Second-order SQL injection w EverShop podczas obsługi kategorii

CVE-2023-46943CRITICAL9.1PL ✓ten sam produkt

Hardkodowany sekret HMAC w @evershop/evershop umożliwia fałszowanie tokenów JWT

CVE-2023-46498CRITICAL9.8PL ✓ten sam produkt

RCE i ujawnienie danych w EverShop NPM przez plik route.json

CVE-2025-67419HIGH7.5ten sam produkt

A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaus...

CVE-2025-65844HIGH7.5ten sam produkt

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via t...