Home

Description

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function

PUBLISHED Reserved 2026-04-06 | Published 2026-04-23 | Updated 2026-04-23 | Assigner mitre

References

ntfy.com

ntfysh.com

gist.github.com/MightyNawaf/5d41d6e8ead16e217f86b016002ecae5

cve.org (CVE-2026-39087)

nvd.nist.gov (CVE-2026-39087)

Download JSON