GlobaLeaks Whistleblower Tool Leaks Sensitive Support Emails

A critical vulnerability has been identified in GlobaLeaks, the open-source whistleblowing software designed for secure communication. According to CVE Notify, versions prior to 5.0.89 are susceptible to an issue within the /api/support endpoint. This flaw allows attackers to inject arbitrary URLs into support requests, which are then forwarded to administrators via email.

The implications are significant: an attacker could craft a malicious support request containing a URL that, when clicked by an unsuspecting administrator, leads to phishing, credential harvesting, or the delivery of further malware. CVE Notify attributes the vulnerability to insufficient validation of user-submitted data within the support request mechanism.

Fortunately, GlobaLeaks has addressed this vulnerability in version 5.0.89. Users are strongly advised to update their installations immediately to patch this security hole and prevent potential exploitation.
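To make the unsafe pattern concrete, here is an added Python example written for this article; it is not GlobaLeaks' code and not its actual 5.0.89 fix. It shows a hypothetical support-request handler that forwards submitter text verbatim into the administrators' email, beside a hardened variant that validates the reply address, bounds the message, strips control characters and defangs any URL before the notification is composed.

```python
import re
from dataclasses import dataclass

# Constructed example: hypothetical handler, not GlobaLeaks' code or its fix.
URL_RE = re.compile(r"(?:https?|ftp)://[^\s<>\"']+|\bwww\.[^\s<>\"']+", re.IGNORECASE)
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MAX_TEXT_LEN = 4000


@dataclass
class SupportRequest:
    mail_address: str  # reply address supplied by the submitter
    text: str          # free-form message supplied by the submitter


def build_admin_email_vulnerable(req: SupportRequest) -> str:
    """Unsafe: submitter-controlled fields are interpolated as-is, so any URL
    in the request reaches the administrators' inbox as a clickable link."""
    return f"Support request from {req.mail_address}:\n\n{req.text}"


def defang_urls(text: str) -> str:
    """Rewrite every URL so mail clients stop rendering it as a link
    (http -> hxxp, ftp -> fxp, '.' -> '[.]') while keeping it readable."""
    def _defang(match):
        url = match.group(0)
        url = re.sub(r"^http", "hxxp", url, flags=re.IGNORECASE)
        url = re.sub(r"^ftp", "fxp", url, flags=re.IGNORECASE)
        return url.replace(".", "[.]")
    return URL_RE.sub(_defang, text)


def build_admin_email_hardened(req: SupportRequest) -> str:
    """Validate the reply address, bound the message size, drop control
    characters, defang URLs and label the content as untrusted."""
    if not MAIL_RE.fullmatch(req.mail_address):
        raise ValueError("invalid reply address")
    if len(req.text) > MAX_TEXT_LEN:
        raise ValueError("support text too long")
    cleaned = "".join(ch for ch in req.text if ch.isprintable() or ch in "\n\t")
    return (
        "Support request (submitter-controlled content, links defanged)\n"
        f"Reply address: {req.mail_address}\n\n"
        f"{defang_urls(cleaned)}"
    )
```

Defanging keeps the link visible for triage without making it one click away; if support requests carry no legitimate need for links at all, rejecting any request that matches URL_RE is the stricter option.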

What This Means For You

  • Ensure all instances of GlobaLeaks are updated to version 5.0.89 or later to remediate the arbitrary URL injection vulnerability in the support endpoint.

Indicators of Compromise

ID              Type   Indicator
CVE-2026-33284  SSRF   GlobaLeaks < 5.0.89, /api/support endpoint, allows arbitrary URLs in support emails