Security Advisories - idno/known - Packagist.org

idno/known Security Advisories for 1.5 (3)

[HIGH] Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal

PKSA-vr9w-vsjd-wjfy CVE-2026-28507 GHSA-37j7-56xc-c468

Affected version: <1.6.4

Reported by:
GitHub
[CRITICAL] Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint

PKSA-tjwq-xm4h-4hs1 CVE-2026-28508 GHSA-fcrh-fqxh-6fx6

Affected version: <=1.6.3

Reported by:
GitHub
[CRITICAL] Known affected by Account Takeover via Password Reset Token Leakage

PKSA-mcts-z5dp-tgk3 CVE-2026-26273 GHSA-78wq-6gcv-w28r

Affected version: <=1.6.2

Reported by:
GitHub