CVE-2026-55207 - Pimcore: Account Takeover via Password Reset URL Injection allows unauthenticated attacker to hijack any admin account with 2FA bypass
CVE ID :CVE-2026-55207 Published : July 9, 2026, 9:16 p.m. | 1 hour, 15 minutes ago Description :Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, an unauthenticated attacker who knows a valid admin username can take over any Pimcore admin...