A vulnerability was found in Pocketbase up to 0.22.41/0.37.3 and classified as critical . The impacted element is an unknown function of the component Password Reset Handler . Executing a manipulation can lead to improper authentication. The identification of this vulnerability is CVE-2026-44166 . The attack may be launched remotely. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.