CVE-2026-28511— elabftw has entry title leakage through autocompletion search
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-28511
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
elabftw has entry title leakage through autocompletion search
Source: NVD (National Vulnerability Database)
Vulnerability Description
eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited (only the title). Attempts to access the underlying protected resource content remain blocked by authorization checks. Version 5.4.2 fixes the issue. # Affected Scope Cross-scope visibility of titles. No confirmed bypass of content-level access controls # Preconditions An authenticated user account No special privileges required beyond standard access # Impact This may enable unauthorized disclosure of sensitive information if confidential data is included in resource titles. Examples could include project names, patient identifiers, or other regulated information embedded in titles.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-28511
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-28511
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-28511 (1)
IV. Related Vulnerabilities
Same product: elabftw
- CVE-2026-28510
elabftw allows MFA bypass during login - CVE-2025-62793
eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads - CVE-2025-25206
Incorrect input validation could allow an authenticated user - CVE-2024-52586
eLabFTW MFA bypass - CVE-2024-47826
eLabFTW vulnerable to HTML Injection in extended search erro
Same vendor: elabftw
- CVE-2026-28510
elabftw allows MFA bypass during login - CVE-2025-62793
eLabFTW HTML / CSS Injection via Malicious SVG Upload Leads - CVE-2025-25206
Incorrect input validation could allow an authenticated user - CVE-2024-52586
eLabFTW MFA bypass - CVE-2024-47826
eLabFTW vulnerable to HTML Injection in extended search erro
Same weakness: CWE-200
- CVE-2026-45553
NiceGUI: Local file disclosure via Docutils file insertion i - CVE-2026-45080
Klaw: Improper Access Control Allows Disclosure of Password - CVE-2026-40965
Cloud Foundry UAA EC私钥暴露漏洞 - CVE-2026-45286
Nextcloud: Calendar app leaked user identifiers via attendee - CVE-2026-45277
Nextcloud: Information disclosure in Nextcloud Approval app
V. Comments for CVE-2026-28511
No comments yet