PT-2026-28476 · Globaleaks+1 · Globaleaks+1

Published

2026-03-27

·

Updated

2026-03-27

·

CVE-2026-33284

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions GlobaLeaks versions prior to 5.0.89
Description The '/api/support' endpoint performs minimal validation on user-submitted support requests, allowing arbitrary URLs to be included in support emails sent to administrators.
Recommendations Update to version 5.0.89.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2026-33284
GHSA-84WR-Q36Q-WQHV

Affected Products

Globaleaks
Globaleaks-Whistleblowing-Software