{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T17:53:18.985","vulnerabilities":[{"cve":{"id":"CVE-2026-28680","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T05:16:37.343","lastModified":"2026-06-17T10:28:53.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Ghostfolio is open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read server-side request forgery (SSRF), allowing them to exfiltrate sensitive cloud metadata (IMDS) or probe internal network services. This issue has been patched in version 2.245.0."},{"lang":"es","value":"Ghostfolio es un software de gestión de patrimonio de código abierto. Antes de la versión 2.245.0, un atacante puede explotar la función de importación manual de activos para realizar un SSRF de lectura completa, lo que le permite exfiltrar metadatos sensibles de la nube (IMDS) o sondear servicios de red internos. Este problema ha sido parcheado en la versión 2.245.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ghostfolio","product":"ghostfolio","versions":[{"version":"< 2.245.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-06T16:00:14.619218Z","id":"CVE-2026-28680","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ghostfol:ghostfolio:*:*:*:*:*:*:*:*","versionEndExcluding":"2.245.0","matchCriteriaId":"F4607553-B018-447B-8D8F-D1FBD94E3A8B"}]}]}],"references":[{"url":"https://github.com/ghostfolio/ghostfolio/releases/tag/2.245.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/ghostfolio/ghostfolio/security/advisories/GHSA-hhv6-c34h-pwgh","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]}]}}]}