PT-2026-41155

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description The password reset flow in the resetRequest route of the modules/@apostrophecms/login/index.js component constructs the reset URL using req.hostname. When apos.baseUrl is not explicitly...

PT-2026-41161

Name of the Vulnerable Software and Affected Versions opentelemetry-java versions prior to 1.62.0 Description A flaw in the baggage propagation implementation within opentelemetry-api and opentelemetry-extension-trace-propagators allows for unbounded memory allocation and CPU consumption when...

PT-2026-41138

Name of the Vulnerable Software and Affected Versions Fides versions 2.33.0 through 2.84.4 Description A DOM-based Cross-Site Scripting XSS issue exists in fides.js, the script used to render consent banners. The problem occurs when the fides description variable is overridden via a URL query...

PT-2026-41164

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.5 Description Scripts can be injected and executed through the HTML rendering view. The frontend includes a function to visualize HTML content of a chat by embedding it in an iFrame. However, the use of the...

PT-2026-41139

Impact A Python operator precedence bug in pyzipper/zipfile aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

PT-2026-41133

Name of the Vulnerable Software and Affected Versions devalue affected versions not specified Description The devalue.parse function may allocate excessive memory when deserializing sparse arrays due to specific behaviors in some JavaScript engines. This can lead to high memory consumption...

PT-2026-41143

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description The authentication middleware accepts JSON Web Tokens JWT...

PT-2026-41159

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description Local authenticated users can cause the system to starve other requests of CPU resources, leading to request failures and a denial of service for other users. Homeservers that trust all their local...

PT-2026-41136

Summary Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has is...

PT-2026-41140

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer includes a security setting to disable bind mounts...

PT-2026-41148

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary run dbt command in src/dbt mcp/dbt cli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two...

PT-2026-41142

Name of the Vulnerable Software and Affected Versions portainer-ce versions 2.33.0 through 2.33.7 portainer-ce-agent versions 2.33.0 through 2.33.7 Description An authorization bypass exists in the middleware layer kubeClientMiddleware within the api/http/handler/kubernetes/handler.go file. The...

PT-2026-41163

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.3.16 Description A missing permission check in API endpoints related to files allows any authenticated user to list, access, and delete every file uploaded by any user to the platform. The issue exists because th...

PT-2026-41146

Summary render toc ul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading ID...

PT-2026-41157

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...

PT-2026-41158

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description In federated rooms, malicious homeservers can craft room events that prevent the server from providing full history to paginating clients. This can result in clients failing to display the room...

PT-2026-41150

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emit tool called event in src/dbt mcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbati...

PT-2026-41156

Summary Default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reachable from their browser. CorsAllowedDomains: "." reflects any Origin, and LocalhostIsAdmin: true promotes requests from 127.0.0.1 to mesh-system:admin...

PT-2026-41135

Name of the Vulnerable Software and Affected Versions @apostrophecms/cli versions prior to 3.6.1 Description The @apostrophecms/cli package contains a command injection issue within the apos create command. User-supplied input provided during the password prompt is embedded directly into a shell...

PT-2026-41134

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

PT-2026-41209

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description All CRUD endpoints for the OpenAI Assistants Vector Store lack authentication middleware and permission checks. Specifically, the route path "/api/v1/openai-assistants-vector-store" is not included i...

PT-2026-41203

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description LDAP and OAuth authentication flows use a Time-of-Check-Time-of-Use TOCTOU pattern—a race condition where a system checks a condition and then uses the result of that check, but the condition...

PT-2026-41197

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description Multiple endpoints accept a user-supplied file id and attach the referenced file to a resource controlled by the caller, such as folder knowledge or knowledge-base contents, without verifying if t...

PT-2026-41186

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description The task create tool spawns durable sub-agents that inherit insecure default settings. Specifically, the allow shell variable defaults to true and the auto approve variable defaults to true. When ...

PT-2026-41207

Name of the Vulnerable Software and Affected Versions flowise versions prior to 3.1.2 Description The endpoint "/api/v1/node-custom-function" lacks route-level authorization, allowing any authenticated user or holder of a valid API key to submit arbitrary JavaScript via the javascriptFunction...

PT-2026-41168

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description An issue exists where the audio transcription upload endpoint uses the file extension from a user-supplied filename to save files. The '/cache/path' route serves these files via FileResponse, whic...

PT-2026-41169

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description The "POST /api/v1/notes/id/pin" endpoint performs a write operation by toggling the is pinned field but incorrectly validates only for read permission. This allows users who have read-only access ...

PT-2026-41174

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An issue exists where administrators' restrictions on API endpoint access can be bypassed. While requests using the Authorization: Bearer header are correctly blocked when restricted from the...

PT-2026-41183

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An internal-only bypass filter parameter is exposed on the '/openai/chat/completions' and '/ollama/api/chat' HTTP endpoints due to FastAPI query string binding. This allows any authenticated user...

PT-2026-41171

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description Open WebUI renders user-uploaded Office files, such as Excel and DOCX, as HTML using the @html directive without applying DOMPurify sanitization. This lack of sanitization allows for Stored...

PT-2026-41199

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description The API endpoint '/api/v1/notes/note id' lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating note id UUIDs. This...

PT-2026-41177

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.5.11 Description A blind server side request forgery SSRF exists in the PDF generate function. User inputs are interpreted as HTML and embedded into the PDF. While scripts and certain dangerous tags like iFrame a...

PT-2026-41198

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description A Stored Cross-Site Scripting XSS issue exists in the Banner component due to an improper sanitization order where DOMPurify.sanitize is executed before marked.parse. This allows a malicious...

PT-2026-41166

Name of the Vulnerable Software and Affected Versions CodeWhale versions 0.3.0 through 0.8.22 Description The run tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, allowing it to run without user approval. Because cargo test compiles and executes arbitrary...

PT-2026-41210

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the assistant create and update processes. The application uses Object.assign to copy the request body into the Assistant entity without an explicit field allowlist,...

PT-2026-41167

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description The channel webhook create and update flow accepts arbitrary profile image url values, including base64-encoded SVG payloads. The endpoint '/api/v1/channels/webhooks/webhook id/profile/image'...

PT-2026-41170

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description An application-wide Cross-Site Request Forgery CSRF issue exists in the image uploading functionality. An attacker can set an image URL to a malicious endpoint, causing any authenticated user who...

PT-2026-41202

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.12 Description Any verified user can execute arbitrary Python code via Jupyter because the '/api/v1/utils/code/execute' endpoint does not enforce the ENABLE CODE EXECUTION configuration flag. Even when an...

PT-2026-41194

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An authorization issue allows any authenticated user with low privileges to enumerate active background tasks across the system and stop tasks belonging to other users. This occurs because the...

PT-2026-41193

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.12 Description An Insecure Direct Object Reference IDOR exists in the retrieval API due to insufficient validation in the validate collection access function. While the function checks specific prefixes for use...

PT-2026-41215

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the evaluator create and update processes. The server uses Object.assign to copy the request body into the Evaluator entity without an explicit field allowlist,...

PT-2026-41179

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An issue exists where a user can continue the conversation of another user if the target user's Chat ID is known. This occurs because the system fails to verify if the Chat ID matches the user who...

PT-2026-41201

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description An authorization bypass allows any authenticated user to permanently delete files owned by other users. This occurs when a target file is referenced in any shared chat, as the has access to file...

PT-2026-41205

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description The 'checkBasicAuth' endpoint validates credentials in plaintext using direct comparison without rate limiting. This allows attackers to perform unlimited brute-force attempts against the username an...

PT-2026-41204

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.9.5 Description Insecure sync encryption occurs due to the use of deterministic AES-192-CBC with a fixed zero IV Initialization Vector, a constant KDF Key Derivation Function salt, and the absence of a MAC Message...

PT-2026-41208

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description An issue exists where the encryptedData field is not stripped from the response when credentials are fetched using a credentialName filter parameter. While the system correctly omits this field when ...

PT-2026-41206

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the assistant update endpoint. This occurs when the server does not restrict which properties can be modified by the client, allowing user-controlled request bodies ...

PT-2026-41200

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description The endpoint "/api/v1/memories/ef" is accessible without authentication and executes the function request.app.state.EMBEDDING FUNCTION. This allows unauthenticated users to trigger embedding...

PT-2026-41178

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description An issue exists where the packages.js template interpolates stored link URLs into a template literal within single-quoted HTML and writes the result to the DOM using the $div.htmlhtml functio...

PT-2026-41184

Name of the Vulnerable Software and Affected Versions @utcp/http versions prior to 1.1.2 Description The @utcp/http package is subject to a blind Server-Side Request Forgery SSRF, a flaw where an attacker can force the server to make requests to an unintended location. This is caused by a...