
elabftw — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in elabftw, with AI-generated Chinese analysis, references, and POCs.

Vendor: elabftw

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-28510 | elabftw allows MFA bypass during login | CWE-302 | 5.9 | Medium | 2026-05-05 |
| CVE-2025-62793 | eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking | CWE-79 | 6.8 | Medium | 2025-10-27 |
| CVE-2025-25206 | Incorrect input validation could allow an authenticated user to read sensitive information | CWE-89 | 8.3 | High | 2025-02-14 |
| CVE-2024-52586 | eLabFTW MFA bypass | CWE-288 | 5.4 | Medium | 2024-12-09 |
| CVE-2024-47826 | eLabFTW vulnerable to HTML Injection in extended search error message | CWE-79 | 3.5 | Low | 2024-10-14 |
| CVE-2024-45408 | eLabFTW contains a direct and indirect information disclosure | CWE-284 | 7.5 | High | 2024-10-01 |
| CVE-2024-25632 | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances | CWE-266 | 8.6 | High | 2024-10-01 |
| CVE-2024-28100 | Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw | CWE-79 | 8.9 | High | 2024-09-02 |
| CVE-2024-25633 | In eLabFTW, if administrators can create users, users can too | CWE-266 | 5.4 | Medium | 2024-08-15 |
| CVE-2022-31178 | Improper Authorization in eLabFTW | CWE-863 | 4.3 | Medium | 2022-08-01 |
| CVE-2022-31007 | Privilege escalation from administrator in eLabFTW | CWE-842 | 4.9 | Medium | 2022-05-31 |
| CVE-2021-43834 | Incorrect Authentication in elabftw | CWE-287 | 9.1 | Critical | 2021-12-15 |
| CVE-2021-43833 | Account takeover in eLabFTW | CWE-287 | 8.1 | High | 2021-12-15 |
| CVE-2021-41171 | Bypass bruteforce protection on login form in elabftw | CWE-307 | 5.9 | Medium | 2021-10-22 |
| CVE-2021-32698 | Blind Server-Side Request Forgery (SSRF) in eLabFTW | CWE-918 | 6.8 | Medium | 2021-06-21 |
