CVE-2026-28803 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a…
Medium CVSS: 6.5

CVE-2026-28803

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned. Attackers can guess a code or modify the received code to look up arbitrary submissions, after logging in (with DigiD/eHerkenning/... depending on form configuration). This vulnerability is fixed in 3.3.13 and 3.4.5.
Vendor
Maykinmedia
Product
Open Forms
CWE
CWE-284
Yayın Tarihi
2026-03-11 16:16:40
Güncelleme
2026-03-17 19:19:19
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-284 Open Forms MEDIUM Maykinmedia 2026

Referanslar

https://github.com/open-formulieren/open-forms/security/advisories/GHSA-2g49-rfm6-5qj5