Ech0

Ech0

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-35037

Exploit
  • EPSS 0.29%
  • Veröffentlicht 06.04.2026 16:56:54
  • Zuletzt bearbeitet 22.04.2026 18:59:55

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any...

7.5

CVE-2026-35036

Exploit
  • EPSS 0.33%
  • Veröffentlicht 06.04.2026 16:55:47
  • Zuletzt bearbeitet 14.04.2026 19:58:33

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation ...

5.3

CVE-2026-33638

  • EPSS 0.48%
  • Veröffentlicht 26.03.2026 20:52:40
  • Zuletzt bearbeitet 31.03.2026 21:09:16

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, `GET /api/allusers` is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user en...