CVE-2026-27812P2CRITICALCVSS 9.1fixed in 0.1.852026-02-26
CVE-2026-27812 [CRITICAL] CWE-116 CVE-2026-27812: Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product s
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Header / Forwarded Header trust issue), which allows attackers to manipulate the password reset link. Attackers can exploit this flaw to inject their own d
nvd