CVE-2026-59708 | Ghostfolio up to 3.6.0 Portfolio Endpoint portfolio.php getPortfolio accessId information disclosure
A vulnerability has been found in Ghostfolio up to 3.6.0 and classified as problematic. Affected by this vulnerability is the function getPortfolio of the file /api/v1/public/portfolio.php of the component Portfolio Endpoint. The manipulation of the argument accessId leads to information disclosure.
This vulnerability is listed as CVE-2026-59708. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More