CVE-2026-32255 | kanbn kan up to 0.5.4 Attachment Download Endpoint attatchment fetch server-side request forgery (GHSA-qrx8-9hc6-jvqg)

Inserito da Angelo Barbosa | Mar 19, 2026 | CVE

A vulnerability was found in kanbn kan up to 0.5.4. It has been classified as critical. The affected element is the function fetch of the file /api/download/attatchment of the component Attachment Download Endpoint. This manipulation causes server-side request forgery.

This vulnerability appears as CVE-2026-32255. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-32255 | kanbn kan up to 0.5.4 Attachment Download Endpoint attatchment fetch server-side request forgery (GHSA-qrx8-9hc6-jvqg)

Post correlati

CVE-2025-12728 | Google Chrome up to 142.0.7444.59 Omnibox Remote Code Execution

CVE-2025-12873 | Campcodes School File Management 1.0 /admin/update_user.php user_id sql injection

CVE-2024-57078 | cli-util 1.1.27 lib.merge prototype pollution

CVE-2024-10106 | Silabs Ember ZNet SDK 7.4.0/7.4.0.0/8.0.0 Packet Handoff Plugin buffer overflow