Authentication Bypass in Pause+ Mobile App (CVE-2026-6853)

critical-cve-against-dependency · active

The Pause+ Mobile App fails to limit excessive authentication attempts, allowing attackers to bypass authentication. Versions from v1.0.6 up to (but not including) v1.5 are affected.

Affected packages

• npmPause+ Mobile Appupgrade to ≥ 1.5

Sources

• ghsahttps://github.com/advisories/GHSA-hmm4-32x8-q64g
• nvdhttps://nvd.nist.gov/vuln/detail/CVE-2026-6853
• google-searchhttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0368