CVE-2026-42206 | roadiz core-bundle-dev-app up to 2.3.42/2.5.44/2.6.30/2.7.17 generate data authenticity (GHSA-3gx8-q682-38mx)

Inserito da Angelo Barbosa | Mag 9, 2026 | CVE

A vulnerability categorized as problematic has been discovered in roadiz core-bundle-dev-app up to 2.3.42/2.5.44/2.6.30/2.7.17. The affected element is the function OAuth2LinkGenerator::generate. The manipulation results in insufficient verification of data authenticity.

This vulnerability is reported as CVE-2026-42206. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-42206 | roadiz core-bundle-dev-app up to 2.3.42/2.5.44/2.6.30/2.7.17 generate data authenticity (GHSA-3gx8-q682-38mx)

Post correlati

CVE-2025-20979 | Samsung libsavscmn out-of-bounds write

CVE-2024-6969 | SourceCodester Clinics Patient Management System 1.0 get_patient_history.php patient_id sql injection

CVE-2025-64149 | Publish to Bitbucket Plugin up to 0.4 on Jenkins cross-site request forgery

CVE-2024-46977 | OpenC3 cosmos up to 5.18.x LocalMode open_local_file path traversal (GHSA-8jxr-mccc-mwg8)