Security Advisory

CVE-2026-28736

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-03 13:25:53
Last updated 2026-04-03 14:54:37
Assigner Mattermost
State PUBLISHED

Description

** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victims fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued.