CVE-2026-59708 - Ghostfolio - Unauthorized Portfolio Data Exposure via Public Endpoint
CVE ID :CVE-2026-59708 Published : July 7, 2026, 6:38 p.m. | 36 minutes ago Description :The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers...