CVE-2026-32255 | P2 | HIGH | CVSS 8.6 | fixed in 0.5.5 | 2026-03-19
CVE-2026-32255 [HIGH] CWE-918
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch() server-side, and returns the full response body. An unauthenticated attacker can u
nvd