CVE-2026-5022
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Mar 27, 2026
Vendor
unknown
Description
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.