A vulnerability has been found in Ghostfolio up to 3.6.0 and classified as problematic. Affected by this vulnerability is the function getPortfolio of the file /api/v1/public/portfolio.php of the component Portfolio Endpoint. The manipulation of the argument accessId leads to information disclosure.

This vulnerability is listed as CVE-2026-59708. The attack may be initiated remotely. There is no available exploit.