CVE-2026-33707: Chamilo LMS (CRITICAL) password reset flaw — reset tokens are sha1(email), no randomness or expiry. Attackers with an email can hijack accounts. Affected: <1.11.38, 2.0.0-alpha.1 – <2.0.0-RC.3. Patch now! https://radar.offseq.com/threat/cve-2026-33707-cwe-640-weak-password-recovery-mech-2af5871d #OffSeq #infosec #CVE #LMS