CVE-2026-33284
- Source
- https://cve.org/CVERecord?id=CVE-2026-33284
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33284.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-33284
- Aliases
-
- GHSA-84wr-q36q-wqhv
- Published
- 2026-03-27T13:58:54.085Z
- Modified
- 2026-04-10T05:43:12.593139Z
- Severity
-
- 1.2 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- GlobalLeaks has insufficient URL validation in user support API
- Details
-
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33284.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-20" ] }- References
Affected packages
Git / github.com/globaleaks/globaleaks-whistleblowing-software
Affected versions
v3.*
v3.0.26
v3.10.2
v3.10.8
v3.11.0
v3.11.36
v3.11.53
v3.11.56
v3.11.57
v3.11.58
v3.11.60
v3.11.61
v3.9.2
v3.9.3
v4.*
v4.0.0
v4.0.10
v4.0.2
v4.0.40
v4.0.42
v4.0.43
v4.0.44
v4.0.45
v4.0.46
v4.0.48
v4.0.49
v4.0.54
v4.0.58
v4.0.6
v4.1.0
v4.1.1
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.6
v4.1.9
v4.10.0
v4.10.1
v4.10.10
v4.10.11
v4.10.18
v4.10.2
v4.11.0
v4.11.1
v4.11.2
v4.11.5
v4.12.1
v4.12.2
v4.12.4
v4.12.5
v4.12.6
v4.13.0
v4.13.10
v4.13.11
v4.13.13
v4.13.14
v4.13.15
v4.13.16
v4.13.18
v4.13.19
v4.13.20
v4.13.21
v4.13.22
v4.13.6
v4.14.0
v4.15.0
v4.15.1
v4.15.2
v4.15.3
v4.15.4
v4.2.0
v4.2.1
v4.2.13
v4.2.2
v4.2.5
v4.2.8
v4.3.0
v4.3.1
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.6.0
v4.6.1
v4.7.1
v4.7.2
v4.7.3
v4.7.5
v4.7.6
v4.9.1
v4.9.2
v4.9.5
v4.9.6
v4.9.7
v4.9.8
v5.*
v5.0.0
v5.0.1
v5.0.1-docker
v5.0.10
v5.0.10-docker
v5.0.11
v5.0.11-docker
v5.0.12
v5.0.12-docker
v5.0.13
v5.0.13-docker
v5.0.14
v5.0.14-docker
v5.0.15
v5.0.16
v5.0.17
v5.0.17-docker
v5.0.18
v5.0.18-docker
v5.0.19
v5.0.19-docker
v5.0.20
v5.0.20-docker
v5.0.21
v5.0.21-docker
v5.0.22
v5.0.22-docker
v5.0.23
v5.0.23-docker
v5.0.24
v5.0.24-docker
v5.0.25
v5.0.25-docker
v5.0.26
v5.0.26-docker
v5.0.27
v5.0.27-docker
v5.0.28
v5.0.28-docker
v5.0.29
v5.0.29-docker
v5.0.3
v5.0.3-docker
v5.0.30
v5.0.30-docker
v5.0.31
v5.0.31-docker
v5.0.32
v5.0.32-docker
v5.0.33
v5.0.33-docker
v5.0.38
v5.0.38-docker
v5.0.39
v5.0.4
v5.0.4-docker
v5.0.40
v5.0.41
v5.0.41-docker
v5.0.42
v5.0.43
v5.0.43-docker
v5.0.44
v5.0.44-docker
v5.0.45
v5.0.45-docker
v5.0.46
v5.0.48
v5.0.48-docker
v5.0.49
v5.0.5
v5.0.50
v5.0.50-docker
v5.0.51
v5.0.51-docker
v5.0.52
v5.0.52-docker
v5.0.54
v5.0.54-docker
v5.0.55
v5.0.55-docker
v5.0.56
v5.0.56-docker
v5.0.57
v5.0.57-docker
v5.0.58
v5.0.58-docker
v5.0.59
v5.0.59-docker
v5.0.6
v5.0.60
v5.0.61
v5.0.62
v5.0.62-docker
v5.0.63
v5.0.63-docker
v5.0.64
v5.0.64-docker
v5.0.65
v5.0.65-docker
v5.0.66
v5.0.66-docker
v5.0.67
v5.0.67-docker
v5.0.68
v5.0.68-docker
v5.0.69
v5.0.69-docker
v5.0.7
v5.0.7-docker
v5.0.70-docker
v5.0.71
v5.0.71-docker
v5.0.73
v5.0.74
v5.0.75
v5.0.75-docker
v5.0.76
v5.0.76-docker
v5.0.77
v5.0.77-docker
v5.0.78
v5.0.79
v5.0.79-docker
v5.0.8
v5.0.8-docker
v5.0.80
v5.0.80-docker
v5.0.81
v5.0.82
v5.0.82-docker
v5.0.83
v5.0.83-docker
v5.0.84
v5.0.85
v5.0.85-docker
v5.0.86
v5.0.86-docker
v5.0.87
v5.0.87-docker
v5.0.88
v5.0.9
v5.0.9-docker