| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40304 | zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records | openziti | zrok | Medium | 5.3 | 2026-04-17 21:04:24 | Deep Dive |
| CVE-2026-40303 | zrok allows unauthenticated DoS via unbounded memory allocation in striped session cookie parsing | openziti | zrok | High | 7.5 | 2026-04-17 21:01:52 | Deep Dive |
| CVE-2026-40302 | zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering | openziti | zrok | Medium | 6.1 | 2026-04-17 20:56:08 | Deep Dive |