Browse all 8 CVE security advisories affecting FlagForgeCTF. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FlagForgeCTF is a capture-the-flag platform designed for cybersecurity skill development through competitive challenges. Historically, it has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with eight CVEs documented to date. The platform's security characteristics focus on realistic exploitation scenarios, though no major public incidents have been reported. Its vulnerabilities often stem from misconfigurations and input validation flaws, providing practical learning experiences for participants. The recorded CVEs highlight areas where the platform's security controls could be strengthened, making it a valuable tool for understanding common attack vectors while maintaining a controlled environment for security research and education.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21868 | Flag Forge has ReDoS Vulnerability in User Profile Lookup API — flagForge (CWE-1333) | 7.5 | High | 2026-01-08 |
| CVE-2025-61777 | FlagForge Allows Unauthenticated Badge Template API Access — flagForge (CWE-200) | 9.4 | Critical | 2025-10-06 |
| CVE-2025-59932 | FlagForgeCTF Unauthenticated Resource Modification/Deletion — flagForge (CWE-284) | 8.6 | High | 2025-09-27 |
| CVE-2025-59843 | FlagForgeCTF Exposes User Emails via Public /api/user/[username] API — flagForge (CWE-359) | 5.3 | - | 2025-09-26 |
| CVE-2025-59841 | FlagForgeCTF's Improper Session Handling Allows Access After Logout — flagForge (CWE-384) | 9.8 | Critical | 2025-09-25 |
| CVE-2025-59833 | FlagForgeCTF Hint Exposure via API — flagForge (CWE-200) | 7.5 | High | 2025-09-24 |
| CVE-2025-59827 | FlagForgeCTF is Missing Authorization in main-v2 — flagForge (CWE-862) | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-59826 | FlagForgeCTF Vulnerable to Unauthorized Problem Creation — flagForge (CWE-862) | 7.6 | High | 2025-09-23 |
This page lists every published CVE security advisory associated with FlagForgeCTF. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.