CVE-2026-40035

Name
CVE-2026-40035
Description
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.
NVD Severity
unknown

References

Type URI
disclosure@vulncheck.com https://github.com/obsidianforensics/unfurl/security/advisories/GHSA-vg9h-jx4v-cwx2
disclosure@vulncheck.com https://www.vulncheck.com/advisories/dfir-unfurl-werkzeug-debugger-exposure-via-string-config-parsing

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:ryandfir:unfurl:*:*:*:*:*:*:*:* unfurl >= None <= 2025.08

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
unfurl edge-community 0.4.3-r33 DWwanghao <wanghao03@loongson.cn> possibly vulnerable
unfurl edge-community 0.4.3-r32 DWwanghao <wanghao03@loongson.cn> possibly vulnerable
unfurl edge-community 0.4.3-r31 DWwanghao <wanghao03@loongson.cn> possibly vulnerable
unfurl edge-community 0.4.3-r30 DWwanghao <wanghao03@loongson.cn> possibly vulnerable
unfurl edge-community 0.4.3-r29 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r28 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r27 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r26 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r25 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r24 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r23 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r22 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r21 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r20 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r19 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl edge-community 0.4.3-r18 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl 3.23-community 0.4.3-r32 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl 3.23-community 0.4.3-r31 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl 3.23-community 0.4.3-r30 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl 3.23-community 0.4.3-r29 Celeste <cielesti@protonmail.com> possibly vulnerable
unfurl 3.23-community 0.4.3-r28 Celeste <cielesti@protonmail.com> possibly vulnerable