Skip to main content
CVE-2026-25741 HIGH This Week

Zulip's payment method update API endpoint in the upgrade flow lacks proper authorization checks, allowing any organization member to modify the default payment method by completing a Stripe Checkout session. This vulnerability affected Zulip Cloud users and has been patched; self-hosted deployments are not impacted and require no action.

Authentication Bypass
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27896 HIGH PATCH This Week

s standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions up to 1.3.1. contains a security vulnerability.

Information Disclosure Mcp Go Sdk
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy