Vulnerabilities

CVE-2026-28736

by Fred · 03/04/2026

** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim’s fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued.

More information : https://github.com/mattermost-community/focalboard

Similar

Tags: Cybersecurity Alert