CVE-2026-50886 | THREATINT

Description

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.

PUBLISHED Reserved 2026-06-07 | Published 2026-06-15 | Updated 2026-06-15 | Assigner mitre

References

gist.github.com/pyuysig/f5395f90753ba652835ba9c6abf4c4ae

cve.org (CVE-2026-50886)

nvd.nist.gov (CVE-2026-50886)

Download JSON