CVE-2026-33284

Vulnerability Description

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.

Vulnerability Details

Published Date

March 27, 2026

Last Modified

March 30, 2026

CWE ID

CWE-20

Source

NVD

Vendor

globaleaks

Product

globaleaks-whistleblowing-software

External References

https://github.com/globaleaks/globaleaks-whistleblowing-software/security/advisories/GHSA-84wr-q36q-wqhv

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment