CVE-2026-27460

MEDIUM NVD

CVSS Score 6.5

Severity MEDIUM

Published Apr 10, 2026

Vendor unknown

Description

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly degrade its performance by uploading a large size ZIP file (ZIP Bomb). This vulnerability is fixed in 2.6.5.

References

https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-w8pq-4pwf-r2m8