VYPR
Medium severity4.3NVD Advisory· Published Mar 27, 2026· Updated Apr 10, 2026

CVE-2026-33284

CVE-2026-33284

Description

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:globaleaks:globaleaks:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:globaleaks:globaleaks:*:*:*:*:*:*:*:*range: <5.0.89
    • (no CPE)range: <5.0.89

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.