8 matches found
PT-2026-37186
Name of the Vulnerable Software and Affected Versions: Heimdall versions prior to 0.17.14
Description: Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, whereas percent-encoding is defined as case-insensitive. When the allow encoded slashes variable is set to off the default...
CVE-2025-50578
LinuxServer.io heimdall 2.6.3-ls307 contains a vulnerability in how it handles user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirect attacks. This allows the loading...
Heimdall security vulnerability
Heimdall is an open source application panel and launcher for LinuxServer.io. A security vulnerability exists in Heimdall version 2.6.3-ls307, which stems from improper HTTP header handling and could lead to host header injection and open redirection attacks...
CVE-2025-50578
Heimdall 2.6.3-ls307 (LinuxServer.io) contains a vulnerability in handling user-supplied HTTP headers, specifically X-Forwarded-Host and Referer. An unauthenticated remote attacker can manipulate these headers to perform Host Header Injection and Open Redirects, enabling loading of external resou...
CVE-2025-54597
LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter...
PT-2025-30990
Name of the Vulnerable Software and Affected Versions: Heimdall versions prior to 2.7.3
Description: Heimdall is susceptible to a cross-site scripting (XSS) issue via the q parameter.
Recommendations: Update Heimdall to version 2.7.3 or later...
CVE-2023-51803
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "" substring...
Heimdall security vulnerability
Heimdall is an open source application panel and launcher for LinuxServer.io. A security vulnerability exists in Heimdall version v.2.6.1 that allows a remote attacker to execute arbitrary code via a specially crafted script that adds a new application...