Known Vulnerabilities for Canvas by Automattic
Listed below is 1 of the newest known vulnerabilities associated with "Canvas" by "Automattic".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49386 | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Pl... | Not Provided | 2026-05-29 | 2026-05-29 |
| CVE-2026-45312 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in ... | Not Provided | 2026-05-29 | 2026-06-02 |
| CVE-2026-42046 | libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas impo... | Not Provided | 2026-05-11 | 2026-05-12 |
| CVE-2026-40933 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serial... | Not Provided | 2026-04-21 | 2026-04-22 |
| CVE-2026-35656 | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trust... | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2026-35643 | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbi... | Not Provided | 2026-04-10 | 2026-04-10 |
| CVE-2026-35634 | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest(... | Not Provided | 2026-04-09 | 2026-04-10 |
| CVE-2026-32814 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image wit... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-7977 | Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origi... | Not Provided | 2026-05-06 | 2026-05-06 |
| CVE-2026-7363 | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arb... | Not Provided | 2026-04-28 | 2026-04-30 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Automattic | Canvas | 2.6.1 | | | |
| Application | Automattic | Canvas | 2.6.0 | | | |
| Application | Automattic | Canvas | 2.5.0 | | | |
| Application | Automattic | Canvas | 2.4.1 | | | |
| Application | Automattic | Canvas | 2.4.0 | | | |
| Application | Automattic | Canvas | 2.3.1 | | | |
| Application | Automattic | Canvas | 2.3.0 | | | |
| Application | Automattic | Canvas | 2.2.0 | | | |
| Application | Automattic | Canvas | 2.1.0 | | | |
| Application | Automattic | Canvas | 2.0.1 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |
| Application | Automattic | Canvas | 2.0.0 | | | |