CVE-2026-33284
GlobalLeaks has insufficient URL validation in user support API
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Productos afectados
globaleaks · globaleaks-whistleblowing-software¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →