CVE-2025-70948

{"id": "CVE-2025-70948", "cveTags": [], "metrics": {}, "published": "2026-03-05T21:16:13.737", "references": [{"url": "https://gist.github.com/0xHunterr/38aab644874ca9f4646524c5b01cfe5e", "source": "[email protected]"}, {"url": "https://github.com/perfood/couch-auth", "source": "[email protected]"}, {"url": "https://www.npmjs.com/package/@perfood/couch-auth", "source": "[email protected]"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header."}], "lastModified": "2026-03-05T21:16:13.737", "sourceIdentifier": "[email protected]"}