All 4 CVE vulnerabilities found in saltcorn, with AI-generated Chinese analysis, references, and POCs.
Vendor: saltcorn
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42259 | Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass) | CWE-601 | 5.4 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-41478 | Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) | CWE-89 | 10.0 | Critical | 2026-04-24 |
| CVE-2026-40163 | Saltcorn has an Unauthenticated Path Traversal in sync endpoints allows arbitrary file write and directory read | CWE-22 | 8.2 | High | 2026-04-10 |
| CVE-2024-47818 | Logged-in users with any role can delete arbitrary files in @saltcorn/server | CWE-22 | 6.5 | Medium | 2024-10-07 |