CVE-2026-28503 | TandoorRecipes recipes up to 2.5.x cookbook/views/api.py query_synced_folder authorization (GHSA-6qpw-gwcq-68fv)

A vulnerability categorized as problematic has been discovered in TandoorRecipes recipes up to 2.5.x. This affects the function query_synced_folder of the file cookbook/views/api.py. Executing a manipulation can lead to authorization bypass.

This vulnerability is handled as CVE-2026-28503. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More