Flagforgectf Flagforge

8 CVEs affecting Flagforgectf Flagforge. Latest disclosed: 2026-01-08. Critical: 3, High: 4.

Top CVEs affecting Flagforgectf Flagforge
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-59841 | Critical | 9.8 | 2025-09-25 | Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation… |
| CVE-2025-59827 | Critical | 9.8 | 2025-09-24 | Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated… |
| CVE-2025-61777 | Critical | 9.4 | 2025-10-06 | Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/b… |
| CVE-2025-59932 | High | 8.6 | 2025-09-27 | Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests w… |
| CVE-2025-59826 | High | 7.6 | 2025-09-23 | Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrec… |
| CVE-2026-21868 | High | 7.5 | 2026-01-08 | Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile… |
| CVE-2025-59833 | High | 7.5 | 2025-09-24 | Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plai… |
| CVE-2025-59843 | Medium | 5.3 | 2025-09-26 | Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in… |