Auth bypass in Activepieces

CVE-2026-53536

Activepieces is an open source AI workflow automation platform. Prior to 0.83.0, the /v1/step-files/signed download endpoint verified the supplied JWT against the shared signing secret but did not check the token's audience, and combined w…

Affected products

Weakness classification (CWE)

References