GHSA-PQHX-W72W-M393 ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function

An issue in Ntfy ntfy.sh before v.2.22.0 allows a remote attacker to execute arbitrary code via the parseActions function...

EUVD-2026-25232

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function...

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...

PT-2026-34669

Name of the Vulnerable Software and Affected Versions ntfy.sh versions prior to 2.21 Description A remote attacker can execute arbitrary code through the parseActions function. Recommendations Update to version 2.21 or later. As a temporary workaround, consider restricting access to the...

CVE-2026-39087

CVE-2026-39087 affects ntfy.sh (Ntfy) prior to v2.21. The issue is in the parseActions function, enabling a remote attacker to execute arbitrary code. Affected: ntfy.sh

CVE-2026-39087

ntfy before 2.22.0 allows SSRF because of an unanchored regular expression...