Unreal Engine Dev Tool Vulnerability Allows Indefinite Password Reset Token Validity

The National Vulnerability Database has detailed CVE-2026-40585, a high-severity vulnerability (CVSS 7.4) affecting blueprintUE, a tool for Unreal Engine developers. The flaw exists in versions prior to 4.2.0.

According to the National Vulnerability Database, when a password reset is initiated the system generates a 128-character token from a cryptographically secure pseudorandom number generator (CSPRNG) and stores it alongside a password_reset_at timestamp. The defect is in the redemption function, findUserIDFromEmailAndToken(): it only checks that the submitted email and password reset token match the stored pair and never reads password_reset_at, so no maximum validity window is ever enforced.

Consequently, a reset token remains valid indefinitely until it is either consumed by a completed reset or overwritten by a later reset request. This is a lapse in token lifetime management rather than in token generation: the token is strong, but any copy of it that is disclosed later (an old reset e-mail, a forwarded message, a log entry) can still be redeemed. The National Vulnerability Database confirms the issue is resolved in blueprintUE version 4.2.0.

What This Means For You

  • If your development team uses blueprintUE for Unreal Engine, verify that every installation is running version 4.2.0 or later. On older versions a reset token never expires, so a token that leaks at any later time can be redeemed to take over the account. Upgrade first, then invalidate any outstanding reset tokens (accounts with a populated password_reset_at that never completed a reset); initiating a fresh reset on a vulnerable version would only mint another non-expiring token. Audit blueprintUE accounts for password changes or logins that do not match a reset the user actually requested.
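The following is an added illustration, not blueprintUE's code: a small token store modelled on the behaviour the advisory describes, with the pre-4.2.0 redemption check (email and token only) beside a version that also enforces a validity window from password_reset_at, plus the audit helper a defender would use to find stale outstanding tokens. The class, method and column names other than findUserIDFromEmailAndToken() and password_reset_at are assumptions, and the one-hour window is a chosen value, not the project's.

```python
"""Password-reset token redemption: the pre-4.2.0 check beside an expiring one.

Added example, not blueprintUE's code. Only findUserIDFromEmailAndToken() and
password_reset_at come from the advisory; everything else is a modelling choice.
"""
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

TOKEN_BYTES = 64              # 64 random bytes -> 128 hex characters
RESET_WINDOW_SECONDS = 3600   # assumed one-hour validity; not stated on the page


@dataclass
class User:
    user_id: int
    email: str
    password_reset_token: Optional[str] = None   # hypothetical column name
    password_reset_at: Optional[float] = None    # column named in the advisory


class ResetStore:
    """In-memory user table with an injectable clock so expiry can be tested."""

    def __init__(self, users: Iterable[User], clock: Callable[[], float] = time.time):
        self.users: Dict[str, User] = {u.email: u for u in users}
        self.clock = clock

    def request_reset(self, email: str) -> str:
        """Mint a CSPRNG token and record when it was issued."""
        user = self.users[email]
        user.password_reset_token = secrets.token_hex(TOKEN_BYTES)
        user.password_reset_at = self.clock()
        return user.password_reset_token

    def _lookup(self, email: str, token: str) -> Optional[User]:
        """Shared email + token match with a constant-time comparison."""
        user = self.users.get(email)
        if user is None or user.password_reset_token is None:
            return None
        if not hmac.compare_digest(user.password_reset_token.encode(), token.encode()):
            return None
        return user

    def find_user_id_vulnerable(self, email: str, token: str) -> Optional[int]:
        """Models findUserIDFromEmailAndToken() before 4.2.0: password_reset_at is ignored."""
        user = self._lookup(email, token)
        return None if user is None else user.user_id

    def find_user_id_fixed(self, email: str, token: str) -> Optional[int]:
        """Same match, but a token issued more than RESET_WINDOW_SECONDS ago is refused."""
        user = self._lookup(email, token)
        if user is None or user.password_reset_at is None:
            return None
        if self.clock() - user.password_reset_at > RESET_WINDOW_SECONDS:
            return None
        return user.user_id

    def consume_reset_token(self, email: str) -> None:
        """Clear the token once the reset completes so it cannot be replayed."""
        user = self.users[email]
        user.password_reset_token = None
        user.password_reset_at = None

    def stale_outstanding_tokens(self) -> List[str]:
        """Audit helper: accounts holding an unconsumed token older than the window."""
        now = self.clock()
        return [
            u.email
            for u in self.users.values()
            if u.password_reset_token is not None
            and u.password_reset_at is not None
            and now - u.password_reset_at > RESET_WINDOW_SECONDS
        ]


if __name__ == "__main__":
    fake_now = [1_700_000_000.0]                       # constructed clock value
    store = ResetStore([User(7, "dev@example.com")], clock=lambda: fake_now[0])
    tok = store.request_reset("dev@example.com")
    fake_now[0] += 10 * 365 * 86400                     # ten years later
    print("vulnerable:", store.find_user_id_vulnerable("dev@example.com", tok))
    print("fixed:     ", store.find_user_id_fixed("dev@example.com", tok))
    print("stale:     ", store.stale_outstanding_tokens())
```

The only difference between the two lookups is the window check, which is exactly the check the advisory says was missing; the constant-time comparison and the explicit consume step are the other two properties a reset-token flow needs and are included so the fixed path is complete.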

Indicators of Compromise

ID               Type         Indicator
CVE-2026-40585   Auth Bypass  blueprintUE versions prior to 4.2.0
CVE-2026-40585   Auth Bypass  Vulnerable function: findUserIDFromEmailAndToken()
CVE-2026-40585   Auth Bypass  Password reset tokens do not expire

Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: April 21, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
