GO-2026-4447 OpenCloud Affected by Public Link Exploit in github.com/opencloud-eu/opencloud

OpenCloud Affected by Public Link Exploit in github.com/opencloud-eu/opencloud. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...

GO-2026-4444 OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva

OpenCloud Reva has a Public Link Exploit in github.com/opencloud-eu/reva...

SUSE CVE-2026-23989

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...

opencloud-server-5.0.2-1.1 on GA media (moderate)

opencloud-server-5.0.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10159-1 Rating: moderate Cross-References: CVE-2026-23989 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVE-2026-23989

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...

CVE-2026-23989

REVA (OpenCloud Reva component) contains a vulnerability in its GRPC authorization middleware that lets a malicious user bypass the public link scope verification via the archiver service, enabling creation of an archive (zip/tar) containing all resources within the link’s scope. Affected version...

EUVD-2026-5629

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "archiver" service this can be leveraged to...

REVA 安全漏洞

REVA is an open-source data platform software developed by OpenCloud. Versions of REVA prior to 2.42.3 and 2.40.3 contained security vulnerabilities. These vulnerabilities were caused by a bypass in range validation of the GRPC authorization middleware, which could lead to the creation of archive...

OPENSUSE-SU-2026:10159-1 opencloud-server-5.0.2-1.1 on GA media

These are all security issues fixed in the opencloud-server-5.0.2-1.1 package on the GA media of openSUSE Tumbleweed...

GHSA-VF5J-R2HW-2HRW OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

GHSA-9J2F-3RJ3-WGPG OpenCloud Reva has a Public Link Exploit

Impact A security issue was discovered in Reva based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. Details Public link shares in OpenCloud are bound to a specific scope usually a file or...

OpenCloud Reva has a Public Link Exploit

Impact A security issue was discovered in Reva based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. Details Public link shares in OpenCloud are bound to a specific scope usually a file or...

Fake AV Business Alive and Kicking

Vyacheslav Zakorzhevsky Since June 2011 we have seen a substantial decrease in the number of fake antivirus programs. Right now we are observing 10,000 daily attempts to infect users with Trojan-FakeAV; back in June the figures were 50-60,000. The daily number of attempted infections using...