Bugsink

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-40162 HIGH PATCH GHSA This Week

Authenticated arbitrary file write in Bugsink 2.1.0 allows remote attackers to write malicious content to filesystem locations accessible by the application process through exploitation of the artifact bundle assembly flow. Attackers holding valid authentication tokens can achieve high-integrity impact and partial availability disruption by manipulating file operations. Vulnerability affects only version 2.1.0 of the self-hosted error tracking platform. No public exploit identified at time of analysis.

Information Disclosure Bugsink
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-27614 CRITICAL POC PATCH Act Now

Stored XSS in Bugsink error tracking tool before 2.0.13 allows unauthenticated attackers to inject persistent scripts through error event submissions. PoC and patch available.

Ruby Bugsink
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2026-40162
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authenticated arbitrary file write in Bugsink 2.1.0 allows remote attackers to write malicious content to filesystem locations accessible by the application process through exploitation of the artifact bundle assembly flow. Attackers holding valid authentication tokens can achieve high-integrity impact and partial availability disruption by manipulating file operations. Vulnerability affects only version 2.1.0 of the self-hosted error tracking platform. No public exploit identified at time of analysis.

Information Disclosure Bugsink
NVD GitHub
CVE-2026-27614
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Stored XSS in Bugsink error tracking tool before 2.0.13 allows unauthenticated attackers to inject persistent scripts through error event submissions. PoC and patch available.

Ruby Bugsink
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy