3 matches found
CVE-2026-28736
UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...
CVE-2026-25773
CVE-2026-25773 — Focalboard 8.0 Second-Order SQL Injection in category reorder : The vulnerability arises from insufficient sanitization of category IDs used in dynamic SQL during category reordering. An authenticated attacker can store a malicious SQL payload in the category ID field, which is l...
PT-2026-30042
Name of the Vulnerable Software and Affected Versions Focalboard version 8.0 Description Focalboard version 8.0 does not properly validate file ownership when serving uploaded files. This allows an authenticated attacker with knowledge of a victim's fileID to read the file's content. The product ...