eLabFTW · CVE-2026-28511
**Name of the Vulnerable Software and Affected Versions**
eLabFTW versions prior to 5.4.2
**Description**
An authenticated user can perform a numeric reference or search that returns results including resources they are not authorized to view. This issue allows for the unauthorized disclosure of sensitive information, such as project names or patient identifiers, if such data is included in resource titles. The exposure is limited to the title only, as authorization checks continue to block access to the actual content of the protected resources.
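The pattern described above (content reads are authorized, but the lookup that lists titles is not) can be modelled as follows. This is an added example, not eLabFTW's code or its actual fix: the schema, the `can_read` table, all function names, and the treatment of a numeric term as an id lookup are assumptions, and the rows are constructed sample data.

```python
import sqlite3

# Constructed model (hypothetical schema and names), not eLabFTW's code.
AUTHZ = ("EXISTS (SELECT 1 FROM can_read c "
         "WHERE c.resource_id = r.id AND c.username = ?)")

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE resources (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE can_read (resource_id INTEGER, username TEXT);
        INSERT INTO resources VALUES
            (101, 'Buffer recipe', 'shared notes'),
            (102, 'Trial 7 - patient 0042', 'restricted notes');
        INSERT INTO can_read VALUES (101, 'alice'), (101, 'bob'), (102, 'bob');
    """)
    return db

def _match(term):
    # Assumption: a numeric term is an id reference; anything else is a title search.
    if term.isdigit():
        return "r.id = ?", int(term)
    return "r.title LIKE ?", f"%{term}%"

def read_body(db, user, rid):
    # Content path: authorization enforced, as the advisory says it still is.
    row = db.execute(
        f"SELECT r.body FROM resources r WHERE r.id = ? AND {AUTHZ}",
        (rid, user)).fetchone()
    return row[0] if row else None

def lookup_unfiltered(db, user, term):
    # Flawed pattern: the listing path never consults the permission table.
    clause, arg = _match(term)
    return db.execute(
        f"SELECT r.id, r.title FROM resources r WHERE {clause}", (arg,)).fetchall()

def lookup_filtered(db, user, term):
    # Corrected pattern: same predicate as the content path, bound per user.
    clause, arg = _match(term)
    return db.execute(
        f"SELECT r.id, r.title FROM resources r WHERE {clause} AND {AUTHZ}",
        (arg, user)).fetchall()

def leaked_titles(db, lookup, user, term):
    # Regression check: titles listed for a user whom the content path denies.
    return [title for rid, title in lookup(db, user, term)
            if read_body(db, user, rid) is None]
```

`leaked_titles` is the piece worth keeping as a regression test: any listing, reference, or autocomplete endpoint should return an empty list from it for every user.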
**Recommendations**
Update to version 5.4.2.