CVE-2026-27812
Published: 26 February 2026
Summary
CVE-2026-27812 is a critical-severity vulnerability in Sub2API, classified as Improper Encoding or Escaping of Output (CWE-116). Its CVSS base score is 9.1 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 16.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under Other AI Platforms, in the Adversarial Attacks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validates untrusted inputs such as the Host and Forwarded headers so that attacker-supplied domains cannot be injected into password reset links.
- Ensures timely identification, reporting, and patching of the specific flaw fixed in Sub2API v0.1.85.
- CM-7 (Least Functionality): disables the "forgot password" feature to block exploitation of the vulnerable endpoint until the upgrade is applied.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes remote, unauthenticated exploitation of a public-facing API endpoint (password reset) via header injection, which matches T1190 (Exploit Public-Facing Application) for initial access; successful exploitation results in account takeover, which directly enables T1078 (Valid Accounts) abuse.
NVD Description
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Header / Forwarded Header trust issue), which allows attackers to manipulate the password reset link. Attackers can exploit this flaw to inject their own domain into the password reset link, leading to the potential for account takeover. The vulnerability has been fixed in version v0.1.85. If upgrading is not immediately possible, users can mitigate the vulnerability by disabling the "forgot password" feature until an upgrade to a patched version can be performed. This will prevent attackers from exploiting the vulnerability via the affected endpoint.
Deeper analysis
CVE-2026-27812 is a Password Reset Poisoning vulnerability stemming from a Host Header and Forwarded Header trust issue in Sub2API, an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. The flaw affects versions prior to 0.1.85 and has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), linked to CWE-116 (Improper Encoding or Escaping of Output). It enables attackers to manipulate password reset links by injecting malicious domains.
Any remote attacker without privileges or user interaction can exploit this vulnerability over the network with low complexity. By targeting the affected endpoint, they can alter the password reset URL to point to a domain they control, potentially leading to full account takeover by intercepting and abusing the reset process.
The vulnerability is fixed in Sub2API version v0.1.85. If immediate upgrading is not feasible, the advisory recommends disabling the "forgot password" feature to block exploitation via the affected endpoint. Additional details are available in the GitHub Security Advisory at https://github.com/Wei-Shaw/sub2api/security/advisories/GHSA-vc2q-289v-74g3.
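The header-trust pattern described above, beside a configuration-driven construction of the reset link, as an added Go example that is not Sub2API's own code; the allowlisted hostname, the public origin and the reset path are constructed for illustration:

```go
package main

import (
	"errors"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// Constructed deployment settings: the hostnames this gateway serves and the
// canonical public origin every outbound link must be built from.
var allowedHosts = map[string]bool{"gateway.example.com": true}
var publicOrigin = url.URL{Scheme: "https", Host: "gateway.example.com"}

// newRequest builds a constructed reset request with the given Host and
// optional X-Forwarded-Host values; both are chosen by the requester.
func newRequest(host, forwardedHost string) *http.Request {
	r := &http.Request{Host: host, Header: http.Header{}}
	if forwardedHost != "" {
		r.Header.Set("X-Forwarded-Host", forwardedHost)
	}
	return r
}

// buildResetLinkUnsafe is the flawed pattern the advisory describes: the
// link's origin is copied from headers the requester controls.
func buildResetLinkUnsafe(r *http.Request, token string) string {
	host := r.Header.Get("X-Forwarded-Host")
	if host == "" {
		host = r.Host
	}
	return "https://" + host + "/reset-password?token=" + url.QueryEscape(token)
}

// buildResetLinkSafe takes the origin from configuration only and refuses
// requests whose Host header is not one this deployment serves.
func buildResetLinkSafe(r *http.Request, token string) (string, error) {
	host := strings.ToLower(r.Host)
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // strip an explicit port before the allowlist check
	}
	if !allowedHosts[host] {
		return "", errors.New("host header not in allowlist")
	}
	u := publicOrigin // copy of the configured origin, never the request's
	u.Path = "/reset-password"
	u.RawQuery = url.Values{"token": {token}}.Encode()
	return u.String(), nil
}
```

The allowlist check is defence in depth: even with a correct Host header, the safe variant never reads the origin from the request, so a reverse proxy that forwards arbitrary Host or X-Forwarded-Host values cannot change where the emailed link points.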
Details
- CWE(s): CWE-116 (Improper Encoding or Escaping of Output)
- Affected Products: Sub2API versions prior to 0.1.85 (fixed in v0.1.85)
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: Adversarial Attacks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai, ai