CVE-2025-70948

Published: Mar 5, 2026

Modified: Mar 6, 2026

PUBLISHED

Description

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.npmjs.com/package/@perfood/couch-auth

https://github.com/perfood/couch-auth

https://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-70948

Description

Affected Products

References