@saltcorn/cli (>=1.5.0 <=1.5.5-beta.0), @saltcorn/mobile-builder (>=1.5.0 <=1.5.5-beta.0) potentially affected by CVE-2026-41478 via @saltcorn/server (>=1.5.0-beta.0 <=1.5.5)

@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: CVE-2026-41478 Source advisory: OSV:GHSA-JP74-MFRX-3QVH...

PT-2023-33070 · Npm +1 · Npm +1

Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to 0.8.7 Description: The issue allows an untrusted user with admin rights to a tenant instance to install a plugin that can access information from other tenants, potentially compromising all tenants of the...