CVE-2026-11443— Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-11443
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the downloadAttachment method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of arbitrary script. An attacker can leverage this vulnerability to execute script in the context of the current user. Was ZDI-CAN-28236.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-11443
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-11443
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-11443 (1)
Vendor Pages for CVE-2026-11443 (1)
- 🔗 Release Notes for Allegra 9.0vendor-advisory
IV. Related Vulnerabilities
Same product: Allegra
- CVE-2026-11442
Allegra exportReport Directory Traversal Information Disclos - CVE-2025-11466
Allegra DatabaseBackupBL Directory Traversal Information Dis - CVE-2025-6216
Allegra calculateTokenExpDate Password Recovery Authenticati - CVE-2025-3485
Allegra extractFileFromZip Directory Traversal Remote Code E - CVE-2025-3486
Allegra isZipEntryValide Directory Traversal Remote Code Exe
Same vendor: Allegra
- CVE-2026-11442
Allegra exportReport Directory Traversal Information Disclos - CVE-2025-11466
Allegra DatabaseBackupBL Directory Traversal Information Dis - CVE-2025-6216
Allegra calculateTokenExpDate Password Recovery Authenticati - CVE-2025-3485
Allegra extractFileFromZip Directory Traversal Remote Code E - CVE-2025-3486
Allegra isZipEntryValide Directory Traversal Remote Code Exe
Same weakness: CWE-79
- CVE-2026-12176
SourceCodester CET Automated Grading System with AI Predicti - CVE-2026-5513
Online Scheduling and Appointment Booking System – Bookly <= - CVE-2026-3297
Page Builder: Pagelayer – Drag and Drop website builder <= 2 - CVE-2026-9629
Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross- - CVE-2026-9134
Photo Gallery by FooGallery : Responsive Image Gallery, Maso
V. Comments for CVE-2026-11443
No comments yet