blueprintue-self-hosted-edition
Fixed version
4.2.1
CVE-2026-40585 is a security vulnerability affecting blueprintUE Self-Hosted Edition. This flaw allows an attacker to potentially gain unauthorized access to user accounts by exploiting an issue in the password reset process. The vulnerability impacts versions 0.0.0 through 4.1.9 and is resolved in version 4.2.0.
The vulnerability lies in the password reset token redemption process within blueprintUE. Specifically, the findUserIDFromEmailAndToken() function does not validate the passwordresetat timestamp when redeeming a reset token. This means an attacker who obtains a valid reset token can use it at any time, even long after it was initially generated, effectively bypassing the intended time-based security measure. Successful exploitation could lead to an attacker gaining full control over a user's account, including access to sensitive data and the ability to perform actions on their behalf. The blast radius is limited to the accounts accessible within the blueprintUE system.
This vulnerability was publicly disclosed on 2026-04-21. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's nature makes it likely that a PoC will be developed. The CVSS score of 7.4 (High) indicates a significant potential impact.
Unreal Engine developers and teams using blueprintUE Self-Hosted Edition, particularly those with legacy configurations or those who haven't implemented robust password policies, are at risk. Shared hosting environments where multiple users share the same blueprintUE instance are also at increased risk.
• nodejs: Monitor blueprintUE logs for unusual password reset activity, specifically requests with very old passwordresetat timestamps.
grep 'password_reset_at' blueprintue.log | sort -n | tail -10
• generic web: Check blueprintUE access logs for repeated failed password reset attempts from the same IP address, potentially indicating an attacker attempting to brute-force token redemption.
Exploitation status: disclosure
EPSS: 0.04% (12th percentile)
The primary mitigation for CVE-2026-40585 is to upgrade blueprintUE Self-Hosted Edition to version 4.2.0 or later, which includes the fix. If an immediate upgrade is not possible, consider implementing a temporary workaround by adding a timestamp validation check to the findUserIDFromEmailAndToken() function. This would involve verifying that the passwordresetat timestamp is within a reasonable timeframe before allowing token redemption. Additionally, review and audit all password reset functionalities to ensure robust timestamp validation and token expiration policies are in place. After upgrade, confirm by attempting a password reset and verifying the token's expiration.
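The timestamp check described above, written out as an added Python illustration (this is not blueprintUE's own code, which the page does not show); the user record layout, the column names and the one-hour token lifetime are assumptions:

```python
import hmac
import time
from dataclasses import dataclass
from typing import Optional

# Assumed token lifetime; the real value used by blueprintUE is not given on the page.
RESET_TOKEN_TTL_SECONDS = 3600


@dataclass
class User:
    """Minimal stand-in for a user row (hypothetical column names)."""
    id: int
    email: str
    password_reset: Optional[str]      # stored reset token, None when no reset is pending
    password_reset_at: Optional[int]   # unix time at which the token was issued


def _lookup(users, email):
    return next((u for u in users if u.email == email), None)


def find_user_id_vulnerable(users, email, token):
    """Unpatched behaviour as the advisory describes it: token compared, timestamp ignored."""
    u = _lookup(users, email)
    if u is None or u.password_reset is None:
        return None
    return u.id if hmac.compare_digest(u.password_reset, token) else None


def find_user_id_fixed(users, email, token, now=None, ttl=RESET_TOKEN_TTL_SECONDS):
    """Hardened redemption: the token must match AND have been issued within ttl seconds."""
    now = int(time.time()) if now is None else now
    u = _lookup(users, email)
    if u is None or u.password_reset is None or u.password_reset_at is None:
        return None
    if not hmac.compare_digest(u.password_reset, token):   # constant-time compare
        return None
    age = now - u.password_reset_at
    if age < 0 or age > ttl:   # issued "in the future" (clock skew) or expired: refuse
        return None
    return u.id


# Constructed sample data: one token issued a minute ago, one issued two days ago.
NOW = 1_800_000_000
SAMPLE_USERS = [
    User(1, "fresh@example.test", "tok-fresh", NOW - 60),
    User(2, "stale@example.test", "tok-stale", NOW - 2 * 86400),
]
```

With the sample data, the unpatched lookup still redeems the two-day-old token for user 2, while the hardened lookup refuses it and only accepts the fresh token for user 1.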
Upgrade to version 4.2.0 or later to mitigate the vulnerability. That version adds an expiry-time check for password reset tokens, so they are no longer valid indefinitely.
CVE-2026-40585 is a HIGH severity vulnerability in blueprintUE Self-Hosted Edition where password reset tokens are valid indefinitely, allowing unauthorized account access.
Yes, if you are using blueprintUE Self-Hosted Edition versions 0.0.0 through 4.1.9, you are affected by this vulnerability.
Upgrade to blueprintUE Self-Hosted Edition version 4.2.0 or later to resolve the vulnerability. A temporary workaround involves adding timestamp validation to the token redemption function.
There is currently no indication of active exploitation, but the vulnerability's nature suggests it may be targeted in the future.
Refer to the blueprintUE project's official communication channels and release notes for the advisory regarding CVE-2026-40585.