CVE-2026-44522 | enchant97 note-mark up to 0.19.3 HTTP Request Header assets filepath.Base input validation (GHSA-g49p-4qxj-88v3)

May 15, 2026 Yanac

A vulnerability was found in enchant97 note-mark up to 0.19.3. It has been rated as critical. This affects the function filepath.Base of the file /api/notes/{noteID}/assets of the component HTTP Request Header Handler. The manipulation leads to improper input validation.

This vulnerability is referenced as CVE-2026-44522. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More