Allegra · Allegra · CVE-2026-11443
**Name of the Vulnerable Software and Affected Versions**
Allegra (affected versions not specified)
**Description**
A flaw in the `downloadAttachment()` method allows remote attackers to execute arbitrary scripts on affected installations. This occurs due to insufficient validation of user-supplied data, enabling script injection in the context of the current user. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.