NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41161

Summary	Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. This issue has been patched in version 2.2.0.
Publication Date	May 8, 2026, 11:16 p.m.
Registration Date	May 9, 2026, 4:12 a.m.
Last Update	May 9, 2026, 1:08 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/Sync-in/server/releases/tag/v2.2.0	security-advisories@github.com
2	https://github.com/Sync-in/server/security/advisories/GHSA-43fj-qp3h-hrh5	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-208	タイミングの違いに起因する情報漏えい	https://cwe.mitre.org/data/definitions/208.html