CVE-2026-39857 | apostrophe up to 4.28.x REST API distinct information disclosure (GHSA-c276-fj82-f2pq)

A vulnerability marked as problematic has been reported in apostrophe up to 4.28.x. The impacted element is the function distinct of the component REST API. Performing a manipulation results in information disclosure.

This vulnerability is reported as CVE-2026-39857. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More