
elabftw — Vulnerabilities & Security Advisories (15)

Browse all 15 CVE security advisories affecting elabftw. AI-powered Chinese analysis, POCs, and references for each vulnerability.

eLabFTW is an open-source electronic lab notebook designed for research documentation and data management. Historically, it has been vulnerable to multiple security issues including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, with 15 CVEs recorded to date. The application's web interface and file upload functionality have been common attack vectors. While no major public security incidents have been widely documented, the consistent discovery of vulnerabilities highlights the importance of regular updates and security hardening for research organizations relying on this platform.

CVE ID          | CWE     | CVSS | Severity | Published  | Title
----------------|---------|------|----------|------------|------------------------------------------------------------
CVE-2026-28510  | CWE-302 | 5.9  | Medium   | 2026-05-05 | elabftw allows MFA bypass during login
CVE-2025-62793  | CWE-79  | 6.8  | Medium   | 2025-10-27 | eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads to Credential Theft / Clickjacking
CVE-2025-25206  | CWE-89  | 8.3  | High     | 2025-02-14 | Incorrect input validation could allow an authenticated user to read sensitive information
CVE-2024-52586  | CWE-288 | 5.4  | Medium   | 2024-12-09 | eLabFTW MFA bypass
CVE-2024-47826  | CWE-79  | 3.5  | Low      | 2024-10-14 | eLabFTW vulnerable to HTML Injection in extended search error message
CVE-2024-45408  | CWE-284 | 7.5  | High     | 2024-10-01 | eLabFTW contains a direct and indirect information disclosure
CVE-2024-25632  | CWE-266 | 8.6  | High     | 2024-10-01 | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances
CVE-2024-28100  | CWE-79  | 8.9  | High     | 2024-09-02 | Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw
CVE-2024-25633  | CWE-266 | 5.4  | Medium   | 2024-08-15 | In eLabFTW, if administrators can create users, users can too
CVE-2022-31178  | CWE-863 | 4.3  | Medium   | 2022-08-01 | Improper Authorization in eLabFTW
CVE-2022-31007  | CWE-842 | 4.9  | Medium   | 2022-05-31 | Privilege escalation from administrator in eLabFTW
CVE-2021-43834  | CWE-287 | 9.1  | Critical | 2021-12-15 | Incorrect Authentication in elabftw
CVE-2021-43833  | CWE-287 | 8.1  | High     | 2021-12-15 | Account takeover in eLabFTW
CVE-2021-41171  | CWE-307 | 5.9  | Medium   | 2021-10-22 | Bypass bruteforce protection on login form in elabftw
CVE-2021-32698  | CWE-918 | 6.8  | Medium   | 2021-06-21 | Blind Server-Side Request Forgery (SSRF) in eLabFTW

All entries above affect the product elabftw.

This page lists every published CVE security advisory associated with elabftw. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.