Platform: php
Component: freshrss
Fixed in: 476.0.1
FreshRSS is a free, self-hostable RSS aggregator. Between commits 57e1a37 and 00f2f04, the length of the nonce was changed from 40 chars to 64. password_verify() is called with a constructed string (SHA-256 nonce + part of a bcrypt hash) instead of the raw user password. Because bcrypt processes only the first 72 bytes of its input, the part of the string that actually depends on the password falls beyond the truncation point, so password verification succeeds even when the user enters an incorrect password. This vulnerability is fixed in 1.27.2-dev (476e57b). The issue was only present in the edge branch and never in a stable release.
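The truncation described above, as an added PHP example that is not FreshRSS code: a simplified reconstruction of the nonce-plus-hash-fragment pattern with constructed values (the salt, nonce and passwords are made up), followed by the corrected check against the raw password.

```php
<?php
declare(strict_types=1);
// Added demonstration, not FreshRSS code. Cost 4 keeps the demo fast;
// every value below is constructed.

// The stored bcrypt hash of the real password. Its salt is public (the
// first 29 chars of the hash), so any password hashed under it yields a
// fragment that starts with the same bytes.
$salt       = '$2y$04$abcdefghijklmnopqrstuv';          // constructed bcrypt salt
$storedHash = crypt('correct horse battery', $salt);   // what the server keeps

// A 64-char SHA-256 hex nonce, as in the edge-branch change (40 -> 64 chars).
$nonce = hash('sha256', 'constructed-nonce');

// Flawed scheme: bcrypt is run over nonce . fragment, where the fragment is
// the bcrypt of the submitted password under the stored salt.
function challenge(string $nonce, string $password, string $salt): string
{
    return $nonce . crypt($password, $salt);
}

// Reference value the flawed check compares against (second constructed salt).
$reference = crypt(challenge($nonce, 'correct horse battery', $salt),
                   '$2y$04$vutsrqponmlkjihgfedcba');

// bcrypt only looks at the first 72 bytes. 64 bytes of nonce leave 8 bytes of
// the fragment, and those 8 bytes ("$2y$04$a") are identical for every
// password hashed under this salt, so the real password is never compared.
$wrongAttempt   = challenge($nonce, 'totally wrong', $salt);
$correctAttempt = challenge($nonce, 'correct horse battery', $salt);
var_dump(substr($wrongAttempt, 0, 72) === substr($correctAttempt, 0, 72)); // true
var_dump(password_verify($wrongAttempt, $reference));                        // true: bypass

// Corrected: verify the raw submitted password against the stored hash.
var_dump(password_verify('totally wrong', $storedHash));         // false
var_dump(password_verify('correct horse battery', $storedHash)); // true
```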
Exploit Status
EPSS: 0.05% (17th percentile)
CISA SSVC
Update FreshRSS to version 1.27.2-dev (commit 476e57b) or later. This version fixes the authentication bypass caused by bcrypt's 72-byte input truncation by verifying the raw user password, so that password verification is performed correctly and unauthorized access is prevented.