CVE-2026-40487

Name of the Vulnerable Software and Affected Versions Postiz versions prior to 2.21.6

Description Postiz is an open-source social media management tool with over 28 platform integrations. The software contains a flaw that allows arbitrary file upload through MIME-type spoofing, which can lead to stored cross-site scripting (XSS) and subsequent account takeover. This issue can be triggered if an agent reading an untrusted email or webpage is manipulated into executing unauthorized actions.

Recommendations Update to a version newer than 2.21.5.