Improper input validation in Cve-search
CVE-2026-59509
An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
Affected products
- Cve-search — versions v4.0, 0
Weakness classification (CWE)
References
- 5a6e4751-2f3f-4070-9419-94fb35b644e8 (patch)
- 5a6e4751-2f3f-4070-9419-94fb35b644e8 (technical-description, exploit)