top of page
perceptive_background_267k.jpg

An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the parseActions function

Published:

22 April 2026 at 22:00:00

Alert date:

23 April 2026 at 20:03:43

Source:

nvd.nist.gov

Click to open the original link from this advisory

Email & Messaging, Web Technologies

A critical vulnerability (CVE-2026-39087) has been identified in Ntfy ntfy.sh versions prior to v.2.21. The vulnerability exists in the parseActions function and allows remote attackers to execute arbitrary code. This represents a high-severity security flaw that could enable complete system compromise through remote code execution. Organizations using affected versions of Ntfy should immediately update to version 2.21 or later to mitigate this risk.

Technical details

Mitigation steps:

Affected products:

Ntfy

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-39087
http://ntfy.com
http://ntfysh.com
https://gist.github.com/MightyNawaf/5d41d6e8ead16e217f86b016002ecae5

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page