Skip to main content

Globaleaks Whistleblowing Software

1 CVEs product

Monthly

CVE-2026-33284 LOW PATCH Monitor

GlobaLeaks whistleblowing platform versions prior to 5.0.89 contain insufficient input validation in the /api/support endpoint, permitting attackers to inject arbitrary URLs into support request emails sent to administrators. This can facilitate phishing attacks, credential harvesting, or social engineering by making malicious links appear to originate from legitimate support communications. Remote attackers without authentication can exploit this vulnerability to craft convincing fraudulent messages to site administrators.

Information Disclosure Globaleaks Whistleblowing Software
NVD GitHub
CVSS 4.0
1.2
EPSS
0.1%
EPSS 0% CVSS 1.2
LOW PATCH Monitor

GlobaLeaks whistleblowing platform versions prior to 5.0.89 contain insufficient input validation in the /api/support endpoint, permitting attackers to inject arbitrary URLs into support request emails sent to administrators. This can facilitate phishing attacks, credential harvesting, or social engineering by making malicious links appear to originate from legitimate support communications. Remote attackers without authentication can exploit this vulnerability to craft convincing fraudulent messages to site administrators.

Information Disclosure Globaleaks Whistleblowing Software
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy