eLabFTW
CVE-2026-28511
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionGitHub Advisory
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited (only the title). Attempts to access the underlying protected resource content remain blocked by authorization checks. Version 5.4.2 fixes the issue.
Affected Scope
Cross-scope visibility of titles. No confirmed bypass of content-level access controls
Preconditions
An authenticated user account
No special privileges required beyond standard access
Impact
This may enable unauthorized disclosure of sensitive information if confidential data is included in resource titles. Examples could include project names, patient identifiers, or other regulated information embedded in titles.
AnalysisAI
Information disclosure in eLabFTW prior to version 5.4.2 allows authenticated users to enumerate resource titles outside their authorization scope via numeric reference/search queries. Affected deployments in regulated environments - such as clinical labs or research institutions embedding patient identifiers, project names, or regulated data in resource titles - face elevated sensitivity risk despite the limited scope of exposure. Content-level access controls remain intact; only titles leak. No public exploit identified at time of analysis, and CVSS rates this Medium (4.3), consistent with authenticated, low-impact disclosure.
Technical ContextAI
eLabFTW is an open-source electronic lab notebook used in research and clinical settings, identified by CPE cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*. The vulnerability resides in the numeric reference/search feature, which fails to enforce authorization boundaries when constructing or returning search result sets - returning resource titles from scopes the requesting user is not permitted to access. The root cause class is CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor): the authorization logic correctly blocks access to resource content but does not apply equivalent filtering to title metadata surfaced during search. This is a partial access control failure - a common pattern where resource-level gates are enforced but metadata gates are overlooked.
RemediationAI
Vendor-released patch: eLabFTW 5.4.2, which fixes the authorization gap in the numeric reference/search result set. Administrators should upgrade to 5.4.2 immediately, following the upgrade documentation referenced in the vendor advisory at https://github.com/elabftw/elabftw/security/advisories/GHSA-wm4r-p2jg-2mj3. If immediate upgrade is not possible, a compensating control is to restrict access to the numeric reference/search feature at the application or network layer to only users with broad read authorization - this reduces the attack surface but may impact legitimate search workflows. Alternatively, auditing resource titles to remove sensitive identifiers reduces the disclosure impact without affecting functionality, though this is a data hygiene measure rather than a security fix.
eLabFTW is an open source electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulne
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated hig
eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.3), this vulnerability
eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability
eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.5), this vulnerabilit
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.1), this vulnerabilit
Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to c
eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerabilit
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today