CVE-2026-32097 in pingpongالمعلومات

الملخص

بحسب MITRE • 11/03/2026

PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploaded files and model-generated output files. Exploitation required authentication and permission to view at least one thread for retrieval, and authentication and permission to participate in at least one thread for deletion. This vulnerability is fixed in 7.27.2.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

10/03/2026

إفشاء

11/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-350565

CPE

جاهز

CWE

CWE-639 (مؤكد)

CVSS

8.8 (NVD)

EPSS

0.00096

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32097
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32097
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32097/

التالي ▸نظرة عامة ◂ السابق

Might our Artificial Intelligence support you?

Check our Alexa App!