Ntfy.Sh · Ntfy.Sh · CVE-2026-39087
**Name of the Vulnerable Software and Affected Versions**
ntfy.sh versions prior to 2.21
**Description**
A remote attacker can execute arbitrary code through the `parseActions()` function.
**Recommendations**
Update to version 2.21 or later.
As a temporary workaround, consider restricting access to the `parseActions()` function until the update is applied.