Package impact
npm / @strapi/plugin-users-permissions
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22706 | medium | 6.5 | 6.5 | 14d ago | Strapi: Password Reset Does Not Revoke Existing Refresh Sessions | |||
| CVE-2025-64526 | medium | 5.3 | 5.3 | 14d ago | Strapi has a rate limit bypass on users-permissions plugin via attacker-controlled email keying |