Vaadin Flow
3 CVEs affecting Vaadin Flow. Latest disclosed: 2026-05-19. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2741 | Medium | 6.8 | 2026-03-10 | Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 thr… |
CVE-2026-2742 | Medium | 5.3 | 2026-03-10 | An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applica… |
CVE-2026-7860 | | 2026-05-19 | A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables i… |