Medium severity4.3NVD Advisory· Published Mar 27, 2026· Updated Apr 10, 2026
CVE-2026-33284
CVE-2026-33284
Description
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:globaleaks:globaleaks:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:globaleaks:globaleaks:*:*:*:*:*:*:*:*range: <5.0.89
- (no CPE)range: <5.0.89
Patches
Vulnerability mechanics
References
1- github.com/globaleaks/globaleaks-whistleblowing-software/security/advisories/GHSA-84wr-q36q-wqhvnvdExploitMitigationVendor Advisory
News mentions
0No linked articles in our index yet.