Asana · Asana Desktop · CVE-2022-26877
**Name of the Vulnerable Software and Affected Versions**
Asana Desktop versions prior to 1.6.0
**Description**
The issue allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.
**Recommendations**
For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue.