Skip to main content

Elabftw

16 CVEs product

Monthly

CVE-2026-28511 MEDIUM This Month

Information disclosure in eLabFTW prior to version 5.4.2 allows authenticated users to enumerate resource titles outside their authorization scope via numeric reference/search queries. Affected deployments in regulated environments - such as clinical labs or research institutions embedding patient identifiers, project names, or regulated data in resource titles - face elevated sensitivity risk despite the limited scope of exposure. Content-level access controls remain intact; only titles leak. No public exploit identified at time of analysis, and CVSS rates this Medium (4.3), consistent with authenticated, low-impact disclosure.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28510 MEDIUM This Month

Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-25206 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Elabftw
NVD GitHub
CVSS 3.1
8.3
EPSS
0.2%
CVE-2024-52586 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47826 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Elabftw
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-45408 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-25632 HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-28100 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elabftw
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-25633 MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-31178 MEDIUM This Month

eLabFTW is an electronic lab notebook manager for research teams. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-31007 HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
CVSS 3.1
7.2
EPSS
26.1%
CVE-2021-43834 CRITICAL Act Now

eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43833 HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-41171 HIGH POC PATCH This Week

eLabFTW is an open source electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Elabftw
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-32698 MEDIUM PATCH This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Elabftw
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2019-12185 HIGH POC THREAT This Week

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Elabftw
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
18.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

Information disclosure in eLabFTW prior to version 5.4.2 allows authenticated users to enumerate resource titles outside their authorization scope via numeric reference/search queries. Affected deployments in regulated environments - such as clinical labs or research institutions embedding patient identifiers, project names, or regulated data in resource titles - face elevated sensitivity risk despite the limited scope of exposure. Content-level access controls remain intact; only titles leak. No public exploit identified at time of analysis, and CVSS rates this Medium (4.3), consistent with authenticated, low-impact disclosure.

Information Disclosure Elabftw
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Multi-factor authentication bypass in eLabFTW through version 5.4.1 allows attackers with valid primary credentials to complete login using an attacker-controlled TOTP secret, circumventing the second factor requirement and gaining unauthorized account access. The vulnerability stems from inconsistent MFA state preservation across authentication steps. This issue is patched in version 5.4.2.

Authentication Bypass Elabftw
NVD GitHub
EPSS 0% CVSS 8.3
HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Elabftw
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Elabftw
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

eLabFTW is an open source electronic lab notebook for research labs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elabftw
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

eLabFTW is an electronic lab notebook manager for research teams. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
EPSS 26% CVSS 7.2
HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Elabftw
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

eLabFTW is an electronic lab notebook manager for research teams. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

eLabFTW is an electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Elabftw
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

eLabFTW is an open source electronic lab notebook manager for research teams. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Elabftw
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Elabftw
NVD GitHub
EPSS 18% CVSS 8.8
HIGH POC THREAT This Week

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Elabftw
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy