A vulnerability, which was classified as problematic , was found in phpBB up to 3.3.15 . This issue affects the function force_server_vars of the component Header Validation Handler . The manipulation results in weak password recovery. This vulnerability is identified as CVE-2026-29199 . The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.