Auth bypass in Gitroomhq Postiz-app

CVE-2026-48799

Postiz is an AI social media scheduling tool. Prior to 2.21.8, Postiz fails to verify Nowpayments IPN callback authenticity against the payment provider shared secret and reads the target subscription identifier from the untrusted request…

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-48799?
CVE-2026-48799 is a high-severity vulnerability in Gitroomhq Postiz-app, classified under Insufficient Verification of Data Authenticity. CVSS score: 7.7/10. Published 2026-07-15.
How severe is CVE-2026-48799?
High severity. CVSS v3 base score is 7.7 out of 10.