PT-2026-42208
Name of the Vulnerable Software and Affected Versions Algernon versions prior to 1.17.7 Description The SSE event server's Access-Control-Allow-Origin response header is hardcoded to the wildcard , regardless of the caller's Origin. Because EventSource does not perform a preflight request and doe...