PT-2026-56233
Name of the Vulnerable Software and Affected Versions ghostfolio affected versions not specified Description The 'GET /api/v1/public/:accessId/portfolio' endpoint allows unauthenticated access to full portfolio data because it accepts private access IDs without validating granteeUserId filtering...