CVE Catalog
CVE-2026-50886
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk0.15%
4th percentile — higher than 4% of all known CVEs
Summary
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.
Risk Assessment
The organization may be exposed to unauthorized access to internal resources, potentially leading to data leaks or other serious security incidents.
Recommendation
It is recommended to update to the latest version of Project Firefly III and implement appropriate access control mechanisms to secure the webhook management component.
Original NVD description (English source)
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.

