VYPR

Go modules package

github.com/mattermost/focalboard

pkg:golang/github.com/mattermost/focalboard

Vulnerabilities (2)

  • CVE-2026-28736MedApr 3, 2026
    affected <= 7.10.6

    ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and n

  • CVE-2026-25773HigApr 3, 2026
    affected <= 7.10.6

    ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and l