Post by Securing

3,141 followers

Aleksander Młodak has successfully discovered new vulnerabilities! 🎉 He recently analyzed LiquidFiles 4.2.7 and found two vulnerabilities: CVE-2026-36162 and CVE-2026-36163. A stored XSS issue combined with a CSP bypass could lead to account takeover, exposure of sensitive files and even full instance compromise.  The good news is that LiquidFiles acted fast and released version 4.2.8, which fixed these issues. If you use LiquidFiles, make sure to update to the latest version. Congratulations, Aleksander! We’re excited to see what you discover next. You can read the full story at the link below. 👇

Post contentPost contentPost content