ASR AI Security Radar
Methodology Recent Incidents Get Notified

Back to incidents

AI security incident: Known affected by Account Takeover via Password Reset Token Leakage (GHSA-78wq-6gcv-w...

Incident date: February 13, 2026 | Published: February 14, 2026 | Source: GitHub Security Advisory | Classification confidence: 80%

This incident is part of the public archive. AI-specific signals are limited in the current source material, so source citations should be reviewed closely during triage. Review methodology.

Summary A Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox. ### Details The vulnerability occurs within the password reset flow. When a reset is requested, the application generates a verification code. However, the subsequent reset page (/account/password/reset/) incorrectly reflects this code back to the client in the HTML source code.

Why This Is AI-Related

This advisory is part of the public incident archive, but the current source material uses limited explicit AI terminology, so the cited sources should be reviewed carefully when judging AI relevance and exposure.

  • Explicit AI-specific signals are limited in the current source material, so use the cited advisory to validate scope during triage.

Affected Workflow

Audit SSO, service tokens, plugin credentials, user-to-tool permissions, and admin actions exposed through AI features.

Likely Attack Path

The weakness can let an attacker bypass identity checks or gain higher privileges inside an AI-facing product or workflow.

Impact

Severity HIGH with confidence 80%. Validate exposure quickly to reduce security and compliance risk.

Detection And Triage Signals

  • Unexpected admin actions or scope changes from AI-related users
  • Authentication events that skip normal challenge or approval steps
  • New tokens, integrations, or role assignments created without expected workflow traces

Recommended Response

  • Confirm whether affected products, models, or integrations are used in your environment.
  • Apply vendor fixes or mitigations and restrict risky permissions until verified.
  • Monitor logs for related indicators and document containment for audit evidence.

Compliance And Business Impact

Identity control failures can expand blast radius quickly because AI tools often bridge multiple internal systems and datasets.

Sources

Want alerts like this in real time?

Get notified with incident context, likely impact, and response guidance.

Get Notified

More incidents