14 matches found
CVE-2026-4990
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
SUSE CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-4990
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
CVE-2026-4990
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
CVE-2026-4990 chatwoot Signup Endpoint login improper authorization
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
CVE-2026-4990 chatwoot Signup Endpoint login improper authorization
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
Chatwoot 安全漏洞
Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. Chatwoot versions 4.11.1 and earlier contain security vulnerabilities, which stem...
PT-2026-28708
Name of the Vulnerable Software and Affected Versions chatwoot versions prior to 4.11.1 Description A security issue exists in chatwoot that allows for improper authorization. This occurs through manipulation of the signupEnabled argument with the input true within an unknown function of the...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler function. An attacker can gain full administrative privileges by registering a new account when self-registration is enabled and the default permissions include administrative rights...
Incorrect Privilege Assignment
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler function. An attacker can gain full administrative privileges by registering a new account when self-registration is...
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-32760
Summary: The connected advisories describe a vulnerability in File Browser where an unauthenticated user can create a full administrator account by using the public signup endpoint when signup is enabled and defaults.perm.admin is set to true. The root cause is in signupHandler (http/auth.go), wh...
CVE-2026-32760 File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
PT-2026-25858
Name of the Vulnerable Software and Affected Versions File Browser versions 2.61.2 and below Description File Browser, a file managing interface, has an issue where unauthenticated users can register as full administrators if self-registration is enabled signup = true and the default user...