CVE-2026-26957

CVE-2026-26957 is a security vulnerability that is still awaiting full analysis and scoring.

Key facts

Description

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: Upon further research, the maintainer determined that the behavior described by the CVE record is intended behavior. Per the GitHub Security Advisory: "Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it. Anyone holding this permission already has full administrative control over the application, and outbound HTTP to operator-chosen URLs is the documented purpose of the webhook feature. This is working as designed." Notes: none.

Frequently asked questions

What is CVE-2026-26957?
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: Upon further research, the maintainer determined that the behavior described by the CVE record is intended behavior. Per the GitHub Security Advisory: "Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it. Anyone holding this permission already has full administrative control over the application, and outbound HTTP to operator-chosen URLs is the documented purpose of the webhook feature. This is working as designed." Notes: none.
Is CVE-2026-26957 being actively exploited?
It is not currently listed in CISA's Known Exploited Vulnerabilities catalog, and no EPSS exploit-prediction score is available yet.
How do I fix CVE-2026-26957?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2026-26957 have an EU (EUVD) identifier?
Yes. CVE-2026-26957 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-8412.
When was CVE-2026-26957 published?
CVE-2026-26957 was published on 2026-02-20 and last updated on 2026-06-09.