CVE-2025-27156

Name of the Vulnerable Software and Affected Versions Tuleap versions prior to 16.4.99.1740567344 Tuleap Enterprise Edition versions prior to 16.4-6 and 16.3-11

Description The mass emailing feature in Tuleap does not properly sanitize the content of HTML emails. This could allow a malicious user to facilitate phishing attempts or indirectly exploit issues in the recipients' mail clients.

Recommendations For Tuleap Community Edition versions prior to 16.4.99.1740567344, update to version 16.4.99.1740567344 or later. For Tuleap Enterprise Edition versions prior to 16.4-6, update to version 16.4-6 or later. For Tuleap Enterprise Edition version 16.3, update to version 16.3-11 or later.