CVE-2026-33284
GlobaLeaks (free/open-source whistleblowing software) is affected prior to version 5.0.89. The /api/support endpoint performs minimal validation on user-submitted support requests, allowing arbitrary URLs to be included in support emails sent to administrators. Version 5.0.89 patches the issue. E...