PT-2026-28384 · Unknown · Tandoor Recipes

Liyander · Published 2026-03-26 · Updated 2026-03-26 · CVE-2026-29055

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Tandoor Recipes versions prior to 2.6.0

Description

The application is designed for managing recipes, planning meals, and creating shopping lists. Prior to version 2.6.0, the image processing pipeline does not remove EXIF metadata, rescale images, or validate image size for WebP and GIF formats. This results in sensitive EXIF data, including GPS coordinates, camera model, timestamps, and software information, being stored and served to all users who can view the recipe when WebP images are uploaded. A developer comment in the source code acknowledges this as a known issue.

Recommendations

Update to version 2.6.0 or later.

Related Identifiers

CVE-2026-29055
GHSA-9G2J-XCCG-9MHQ

Affected Products

Tandoor Recipes