CVE-2026-33148
CVE-2026-33148 affects Tandoor Recipes prior to 2.6.0. The FDC (USDA FoodData Central) search endpoint builds the upstream API URL by directly interpolating the user-supplied query parameter without URL-encoding, allowing an attacker to inject additional URL parameters (e.g., via &). This can ove...