2026-04-03 13:25:53
Mattermost
PUBLISHED
** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victims fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued.