CVE-2026-56355 | THREATINT

Description

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

PUBLISHED Reserved 2026-06-20 | Published 2026-06-20 | Updated 2026-06-20 | Assigner mitre

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-696 Incorrect Behavior Order

Product status

Default status

unaffected

3.14 (custom)

affected

References

cgit.git.savannah.gnu.org/...end/php/file.php?h=release-3.17

cgit.git.savannah.gnu.org/...end/php/file.php?h=release-3.17

www.fsf.org/...ement-regarding-gnu-savannah-security-reports

www.hacktron.ai

www.mallory.ai/stories/019ee445-bdd4-7775-93b5-a8faaf5c2eb7

news.ycombinator.com/item?id=48605220

cve.org (CVE-2026-56355)

nvd.nist.gov (CVE-2026-56355)

Download JSON

help @ threatint.eu