CVE-2026-26957

NONE
Published Feb 20, 20264mo ago · Modified Jun 9, 20263w ago
Find Similar
Published Feb 20, 2026 4mo ago
Last Modified Jun 9, 2026 3w ago

Description

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: Upon further research, the maintainer determined that the behavior described by the CVE record is intended behavior. Per the GitHub Security Advisory: "Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it. Anyone holding this permission already has full administrative control over the application, and outbound HTTP to operator-chosen URLs is the documented purpose of the webhook feature. This is working as designed." Notes: none.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.