Missing Authorization in eLabFTW - #VU137361
Published: July 12, 2026
eLabFTW
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to missing authorization in the global stored-compounds inventory export feature when handling export requests. A remote user can export the global stored-compounds inventory to disclose sensitive information.
Exported data could include linked private titles.