Skip to main content
ZDI-26-358 MEDIUM 4.6 Published Jun 11, 2026

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability

Allegra

This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.6.

Related CVE

CVE-2026-11443

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy