Flagforgectf Flagforge
8 CVEs affecting Flagforgectf Flagforge. Latest disclosed: 2026-01-08. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59841 | Critical | 9.8 | 2025-09-25 | Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation… |
| CVE-2025-59827 | Critical | 9.8 | 2025-09-24 | Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated… |
| CVE-2025-61777 | Critical | 9.4 | 2025-10-06 | Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/b… |
| CVE-2025-59932 | High | 8.6 | 2025-09-27 | Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests w… |
| CVE-2025-59826 | High | 7.6 | 2025-09-23 | Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrec… |
| CVE-2026-21868 | High | 7.5 | 2026-01-08 | Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile… |
| CVE-2025-59833 | High | 7.5 | 2025-09-24 | Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plai… |
| CVE-2025-59843 | Medium | 5.3 | 2025-09-26 | Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in… |