Beehive Forum - Account Takeover Vulnerability Severity High Date January 13, 2026 Affected Beehive Forum 1.5.2 ID CVE-2022-50910 CWE CWE-640 Weak Password Recovery Mechanism for Forgotten Password CVSS 4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N References ExploitDB-50923 Beehive Forum Official Website Beehive Forum SourceForge Project Proof of Concept Imgur Credit Pablo Santiago Description Beehive Forum 1.5.2 contains a host header injection vulnerability in the forgot password functionality that allows attackers to manipulate password reset requests. Attackers can inject a malicious host header to intercept password reset tokens and change victim account passwords without direct authentication.