A vulnerability classified as critical has been found in whyour qinglong up to 2.20.1. It affects an unknown function in the file back/loaders/express.ts of the API Interface component. Manipulating the argument command leads to a protection mechanism failure.

This vulnerability is listed as CVE-2026-3965. The attack may be initiated remotely. In addition, an exploit is available.

It is advisable to upgrade the affected component.

The code maintainer was informed beforehand about the issues. He reacted very quickly and highly professionally.