Browse all 4 CVE security advisories affecting blueprintue. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Blueprintue is a software development platform focused on application lifecycle management and deployment automation. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. These vulnerabilities often stem from insufficient input validation and improper access controls in its web interface and API endpoints. While no major public security incidents have been widely documented, the consistent pattern of critical vulnerabilities in its core functionality suggests a need for enhanced security testing and input sanitization practices within its development lifecycle.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40588 | blueprintUE: Authenticated Password Change Does Not Verify Current Password — blueprintue-self-hosted-edition (CWE-620) | 8.1 | High | 2026-04-21 |
| CVE-2026-40587 | blueprintUE: Active Sessions Are Not Invalidated After Password Change or Reset — blueprintue-self-hosted-edition (CWE-613) | 6.5 | Medium | 2026-04-21 |
| CVE-2026-40586 | blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection — blueprintue-self-hosted-edition (CWE-307) | 7.5 | High | 2026-04-21 |
| CVE-2026-40585 | blueprintUE: Password Reset Tokens Have No Expiry Window — blueprintue-self-hosted-edition (CWE-640) | 7.4 | High | 2026-04-21 |

This page lists every published CVE security advisory associated with blueprintue. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.