Security Advisory

CVE-2026-28680

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 04:26:51

Last updated 2026-03-06 16:07:29

Assigner GitHub_M

State PUBLISHED

Description

Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read SSRF, allowing them to exfiltrate sensitive cloud metadata (IMDS) or probe internal network services. This issue has been patched in version 2.245.0.

← Browse all CVEs View on cve.org ↗