A vulnerability classified as critical was found in apostrophecms apostrophe up to 4.29.0 . Impacted is an unknown function of the component Reset Handler . Executing a manipulation can lead to weak password recovery. The identification of this vulnerability is CVE-2026-45013 . The attack may be launched remotely. There is no exploit available.