2 matches found
CVE-2026-35045 Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batchupdate/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by...
CVE-2026-35045
The CVE-2026-35045 vulnerability affects Tandoor Recipes up to version 2.6.3. The PUT /api/recipe/batch_update/ endpoint lets any authenticated user within a Space modify any recipe (including private ones), bypassing object-level checks on PUT /api/recipe/{id}/. This enables forced exposure of p...