CVE-2026-27460

Exploit

EPSS 0.3%
Veröffentlicht 10.04.2026 19:16:21
Zuletzt bearbeitet 14.04.2026 17:29:17
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tandoor Recipes Affected by Denial of Service via Recipe Import

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly degrade its performance by uploading a large size ZIP file (ZIP Bomb). This vulnerability is fixed in 2.6.5.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tandoor ≫ Recipes Version < 2.6.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.213

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)

The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-w8pq-4pwf-r2m8

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-27460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27460

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27460