CVE-2026-34985

Name of the Vulnerable Software and Affected Versions LORIS versions 16.1.0 through 27.0.2 and 28.0.0

Description The LORIS application, used for data and project management in neuroimaging research, had a flaw where backend access checks were missing for files. This allowed unauthorized access to files if the filename was known, despite frontend filtering.

Recommendations Update to version 27.0.3 or 28.0.1