CVE Catalog

CVE-2026-50886

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.

Risk Assessment

The organization may be exposed to unauthorized access to internal resources, potentially leading to data leaks or other serious security incidents.

Recommendation

It is recommended to update to the latest version of Project Firefly III and implement appropriate access control mechanisms to secure the webhook management component.

Original NVD description (English source)

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS