
Description

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.

PUBLISHED Reserved 2026-03-18 | Published 2026-03-27 | Updated 2026-03-27 | Assigner GitHub_M




LOW: 1.2 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-20: Improper Input Validation

Product status

< 5.0.89: affected

References

github.com/...ftware/security/advisories/GHSA-84wr-q36q-wqhv

cve.org (CVE-2026-33284)

nvd.nist.gov (CVE-2026-33284)
