CVE-2026-33284
GlobalLeaks has insufficient URL validation in user support API
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Produtos afetados
globaleaks · globaleaks-whistleblowing-softwareQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →