EUVD-2026-20777

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-40035

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-40035 Unfurl - Werkzeug Debugger Exposure via String Config Parsing

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

Unfurl 安全漏洞

Unfurl is a URL data extraction and visualization analysis tool developed by Ryan Benson. Versions of Unfurl prior to 2025.08 contained security vulnerabilities. These vulnerabilities stemmed from improper input validation in configuration parsing. By default, Flask debug mode was enabled, which...

PT-2026-31470

Name of the Vulnerable Software and Affected Versions Unfurl versions through 2025.08 Description Unfurl through 2025.08 has an improper input validation issue in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to...

GHSA-VG9H-JX4V-CWX2 Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)

Summary The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.rundebug=..., so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...

Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)

Summary The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.rundebug=..., so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...

Information Exposure

Overview collaborative-article-sharing is a Command-line interface for interacting with the CAS API Affected versions of this package are vulnerable to Information Exposure because the Flask application runs in debug mode in a production environment. Remediation Upgrade...

openstack-ironic-discoverd: potential remote code execution with debug mode enabled

It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console effectively, a command shell...