Vulnerability Details CVE-2026-33284
GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal validation on user-submitted support requests. As a result, arbitrary URLs can be included in support emails sent to administrators. Version 5.0.89 patches the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.5%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-33284
-
cpe:2.3:a:globaleaks:globaleaks:2.60.100
-
cpe:2.3:a:globaleaks:globaleaks:2.60.101
-
cpe:2.3:a:globaleaks:globaleaks:2.60.102
-
cpe:2.3:a:globaleaks:globaleaks:2.60.103
-
cpe:2.3:a:globaleaks:globaleaks:2.60.104
-
cpe:2.3:a:globaleaks:globaleaks:2.60.106
-
cpe:2.3:a:globaleaks:globaleaks:2.60.107
-
cpe:2.3:a:globaleaks:globaleaks:2.60.108
-
cpe:2.3:a:globaleaks:globaleaks:2.60.109
-
cpe:2.3:a:globaleaks:globaleaks:2.60.110
-
cpe:2.3:a:globaleaks:globaleaks:2.60.111
-
cpe:2.3:a:globaleaks:globaleaks:2.60.112
-
cpe:2.3:a:globaleaks:globaleaks:2.60.113
-
cpe:2.3:a:globaleaks:globaleaks:2.60.114
-
cpe:2.3:a:globaleaks:globaleaks:2.60.115
-
cpe:2.3:a:globaleaks:globaleaks:2.60.116
-
cpe:2.3:a:globaleaks:globaleaks:2.60.117
-
cpe:2.3:a:globaleaks:globaleaks:2.60.118
-
cpe:2.3:a:globaleaks:globaleaks:2.60.119
-
cpe:2.3:a:globaleaks:globaleaks:2.60.120
-
cpe:2.3:a:globaleaks:globaleaks:2.60.121
-
cpe:2.3:a:globaleaks:globaleaks:2.60.122
-
cpe:2.3:a:globaleaks:globaleaks:2.60.123
-
cpe:2.3:a:globaleaks:globaleaks:2.60.124
-
cpe:2.3:a:globaleaks:globaleaks:2.60.125
-
cpe:2.3:a:globaleaks:globaleaks:2.60.126
-
cpe:2.3:a:globaleaks:globaleaks:2.60.127
-
cpe:2.3:a:globaleaks:globaleaks:2.60.128
-
cpe:2.3:a:globaleaks:globaleaks:2.60.129
-
cpe:2.3:a:globaleaks:globaleaks:2.60.130
-
cpe:2.3:a:globaleaks:globaleaks:2.60.132
-
cpe:2.3:a:globaleaks:globaleaks:2.60.133
-
cpe:2.3:a:globaleaks:globaleaks:2.60.134
-
cpe:2.3:a:globaleaks:globaleaks:2.60.135
-
cpe:2.3:a:globaleaks:globaleaks:2.60.136
-
cpe:2.3:a:globaleaks:globaleaks:2.60.137
-
cpe:2.3:a:globaleaks:globaleaks:2.60.138
-
cpe:2.3:a:globaleaks:globaleaks:2.60.139
-
cpe:2.3:a:globaleaks:globaleaks:2.60.140
-
cpe:2.3:a:globaleaks:globaleaks:2.60.141
-
cpe:2.3:a:globaleaks:globaleaks:2.60.142
-
cpe:2.3:a:globaleaks:globaleaks:2.60.143
-
cpe:2.3:a:globaleaks:globaleaks:2.60.144
-
cpe:2.3:a:globaleaks:globaleaks:2.60.61
-
cpe:2.3:a:globaleaks:globaleaks:2.60.69
-
cpe:2.3:a:globaleaks:globaleaks:2.60.70
-
cpe:2.3:a:globaleaks:globaleaks:2.60.71
-
cpe:2.3:a:globaleaks:globaleaks:2.60.72
-
cpe:2.3:a:globaleaks:globaleaks:2.60.73
-
cpe:2.3:a:globaleaks:globaleaks:2.60.74
-
cpe:2.3:a:globaleaks:globaleaks:2.60.76
-
cpe:2.3:a:globaleaks:globaleaks:2.60.77
-
cpe:2.3:a:globaleaks:globaleaks:2.60.78
-
cpe:2.3:a:globaleaks:globaleaks:2.60.79
-
cpe:2.3:a:globaleaks:globaleaks:2.60.80
-
cpe:2.3:a:globaleaks:globaleaks:2.60.81
-
cpe:2.3:a:globaleaks:globaleaks:2.60.82
-
cpe:2.3:a:globaleaks:globaleaks:2.60.83
-
cpe:2.3:a:globaleaks:globaleaks:2.60.84
-
cpe:2.3:a:globaleaks:globaleaks:2.60.85
-
cpe:2.3:a:globaleaks:globaleaks:2.60.86
-
cpe:2.3:a:globaleaks:globaleaks:2.60.88
-
cpe:2.3:a:globaleaks:globaleaks:2.60.89
-
cpe:2.3:a:globaleaks:globaleaks:2.60.90
-
cpe:2.3:a:globaleaks:globaleaks:2.60.91
-
cpe:2.3:a:globaleaks:globaleaks:2.60.92
-
cpe:2.3:a:globaleaks:globaleaks:2.60.93
-
cpe:2.3:a:globaleaks:globaleaks:2.60.94
-
cpe:2.3:a:globaleaks:globaleaks:2.60.95
-
cpe:2.3:a:globaleaks:globaleaks:2.60.96
-
cpe:2.3:a:globaleaks:globaleaks:2.60.97
-
cpe:2.3:a:globaleaks:globaleaks:2.60.98
-
cpe:2.3:a:globaleaks:globaleaks:2.60.99
-
cpe:2.3:a:globaleaks:globaleaks:2.61.0
-
cpe:2.3:a:globaleaks:globaleaks:2.61.1
-
cpe:2.3:a:globaleaks:globaleaks:2.61.10
-
cpe:2.3:a:globaleaks:globaleaks:2.61.12
-
cpe:2.3:a:globaleaks:globaleaks:2.61.13
-
cpe:2.3:a:globaleaks:globaleaks:2.61.14
-
cpe:2.3:a:globaleaks:globaleaks:2.61.2
-
cpe:2.3:a:globaleaks:globaleaks:2.61.3
-
cpe:2.3:a:globaleaks:globaleaks:2.61.4
-
cpe:2.3:a:globaleaks:globaleaks:2.61.5
-
cpe:2.3:a:globaleaks:globaleaks:2.61.6
-
cpe:2.3:a:globaleaks:globaleaks:2.61.7
-
cpe:2.3:a:globaleaks:globaleaks:2.61.8
-
cpe:2.3:a:globaleaks:globaleaks:2.61.9
-
cpe:2.3:a:globaleaks:globaleaks:2.62.0
-
cpe:2.3:a:globaleaks:globaleaks:2.62.1
-
cpe:2.3:a:globaleaks:globaleaks:2.62.2
-
cpe:2.3:a:globaleaks:globaleaks:2.62.3
-
cpe:2.3:a:globaleaks:globaleaks:2.62.4
-
cpe:2.3:a:globaleaks:globaleaks:2.62.5
-
cpe:2.3:a:globaleaks:globaleaks:2.62.6
-
cpe:2.3:a:globaleaks:globaleaks:2.62.7
-
cpe:2.3:a:globaleaks:globaleaks:2.62.8
-
cpe:2.3:a:globaleaks:globaleaks:2.62.9
-
cpe:2.3:a:globaleaks:globaleaks:2.63.0
-
cpe:2.3:a:globaleaks:globaleaks:2.63.1
-
cpe:2.3:a:globaleaks:globaleaks:2.63.2
-
cpe:2.3:a:globaleaks:globaleaks:2.63.3
-
cpe:2.3:a:globaleaks:globaleaks:2.63.4
-
cpe:2.3:a:globaleaks:globaleaks:2.63.5
-
cpe:2.3:a:globaleaks:globaleaks:2.64.0
-
cpe:2.3:a:globaleaks:globaleaks:2.64.1
-
cpe:2.3:a:globaleaks:globaleaks:2.64.10
-
cpe:2.3:a:globaleaks:globaleaks:2.64.11
-
cpe:2.3:a:globaleaks:globaleaks:2.64.12
-
cpe:2.3:a:globaleaks:globaleaks:2.64.13
-
cpe:2.3:a:globaleaks:globaleaks:2.64.14
-
cpe:2.3:a:globaleaks:globaleaks:2.64.15
-
cpe:2.3:a:globaleaks:globaleaks:2.64.16
-
cpe:2.3:a:globaleaks:globaleaks:2.64.2
-
cpe:2.3:a:globaleaks:globaleaks:2.64.3
-
cpe:2.3:a:globaleaks:globaleaks:2.64.4
-
cpe:2.3:a:globaleaks:globaleaks:2.64.5
-
cpe:2.3:a:globaleaks:globaleaks:2.64.6
-
cpe:2.3:a:globaleaks:globaleaks:2.64.7
-
cpe:2.3:a:globaleaks:globaleaks:2.64.8
-
cpe:2.3:a:globaleaks:globaleaks:2.65.0
-
cpe:2.3:a:globaleaks:globaleaks:2.65.1
-
cpe:2.3:a:globaleaks:globaleaks:2.65.10
-
cpe:2.3:a:globaleaks:globaleaks:2.65.12
-
cpe:2.3:a:globaleaks:globaleaks:2.65.13
-
cpe:2.3:a:globaleaks:globaleaks:2.65.14
-
cpe:2.3:a:globaleaks:globaleaks:2.65.15
-
cpe:2.3:a:globaleaks:globaleaks:2.65.19
-
cpe:2.3:a:globaleaks:globaleaks:2.65.2
-
cpe:2.3:a:globaleaks:globaleaks:2.65.3
-
cpe:2.3:a:globaleaks:globaleaks:2.65.4
-
cpe:2.3:a:globaleaks:globaleaks:2.65.5
-
cpe:2.3:a:globaleaks:globaleaks:2.65.7
-
cpe:2.3:a:globaleaks:globaleaks:2.65.8
-
cpe:2.3:a:globaleaks:globaleaks:2.65.9
-
cpe:2.3:a:globaleaks:globaleaks:2.67.0
-
cpe:2.3:a:globaleaks:globaleaks:2.67.1
-
cpe:2.3:a:globaleaks:globaleaks:2.70.0
-
cpe:2.3:a:globaleaks:globaleaks:2.70.10
-
cpe:2.3:a:globaleaks:globaleaks:2.71.0
-
cpe:2.3:a:globaleaks:globaleaks:2.71.1
-
cpe:2.3:a:globaleaks:globaleaks:2.71.3
-
cpe:2.3:a:globaleaks:globaleaks:2.72
-
cpe:2.3:a:globaleaks:globaleaks:2.72.1
-
cpe:2.3:a:globaleaks:globaleaks:2.72.10
-
cpe:2.3:a:globaleaks:globaleaks:2.72.11
-
cpe:2.3:a:globaleaks:globaleaks:2.72.12
-
cpe:2.3:a:globaleaks:globaleaks:2.72.13
-
cpe:2.3:a:globaleaks:globaleaks:2.72.14
-
cpe:2.3:a:globaleaks:globaleaks:2.72.21
-
cpe:2.3:a:globaleaks:globaleaks:2.72.3
-
cpe:2.3:a:globaleaks:globaleaks:2.72.4
-
cpe:2.3:a:globaleaks:globaleaks:2.72.6
-
cpe:2.3:a:globaleaks:globaleaks:2.72.7
-
cpe:2.3:a:globaleaks:globaleaks:2.72.8
-
cpe:2.3:a:globaleaks:globaleaks:2.99.0
-
cpe:2.3:a:globaleaks:globaleaks:3.0.26
-
cpe:2.3:a:globaleaks:globaleaks:3.10.2
-
cpe:2.3:a:globaleaks:globaleaks:3.10.8
-
cpe:2.3:a:globaleaks:globaleaks:3.11.0
-
cpe:2.3:a:globaleaks:globaleaks:3.11.36
-
cpe:2.3:a:globaleaks:globaleaks:3.11.53
-
cpe:2.3:a:globaleaks:globaleaks:3.11.56
-
cpe:2.3:a:globaleaks:globaleaks:3.11.57
-
cpe:2.3:a:globaleaks:globaleaks:3.11.58
-
cpe:2.3:a:globaleaks:globaleaks:3.11.60
-
cpe:2.3:a:globaleaks:globaleaks:3.11.61
-
cpe:2.3:a:globaleaks:globaleaks:3.11.69
-
cpe:2.3:a:globaleaks:globaleaks:3.11.70
-
cpe:2.3:a:globaleaks:globaleaks:3.2.3
-
cpe:2.3:a:globaleaks:globaleaks:3.9.2
-
cpe:2.3:a:globaleaks:globaleaks:3.9.3
-
cpe:2.3:a:globaleaks:globaleaks:4.0.0
-
cpe:2.3:a:globaleaks:globaleaks:4.0.10
-
cpe:2.3:a:globaleaks:globaleaks:4.0.2
-
cpe:2.3:a:globaleaks:globaleaks:4.0.39
-
cpe:2.3:a:globaleaks:globaleaks:4.0.40
-
cpe:2.3:a:globaleaks:globaleaks:4.0.42
-
cpe:2.3:a:globaleaks:globaleaks:4.0.43
-
cpe:2.3:a:globaleaks:globaleaks:4.0.44
-
cpe:2.3:a:globaleaks:globaleaks:4.0.45
-
cpe:2.3:a:globaleaks:globaleaks:4.0.46
-
cpe:2.3:a:globaleaks:globaleaks:4.0.48
-
cpe:2.3:a:globaleaks:globaleaks:4.0.49
-
cpe:2.3:a:globaleaks:globaleaks:4.0.58
-
cpe:2.3:a:globaleaks:globaleaks:4.0.6
-
cpe:2.3:a:globaleaks:globaleaks:4.1.0
-
cpe:2.3:a:globaleaks:globaleaks:4.1.1
-
cpe:2.3:a:globaleaks:globaleaks:4.1.13
-
cpe:2.3:a:globaleaks:globaleaks:4.1.14
-
cpe:2.3:a:globaleaks:globaleaks:4.1.15
-
cpe:2.3:a:globaleaks:globaleaks:4.1.16
-
cpe:2.3:a:globaleaks:globaleaks:4.1.17
-
cpe:2.3:a:globaleaks:globaleaks:4.1.2
-
cpe:2.3:a:globaleaks:globaleaks:4.1.6
-
cpe:2.3:a:globaleaks:globaleaks:4.1.9
-
cpe:2.3:a:globaleaks:globaleaks:4.2.0
-
cpe:2.3:a:globaleaks:globaleaks:4.2.1
-
cpe:2.3:a:globaleaks:globaleaks:4.2.2
-
cpe:2.3:a:globaleaks:globaleaks:4.2.5