HIGH
gophish
CVE published 2026-06-22
CVE-2026-39904
CVE-2026-39904 is a high-severity denial of service vulnerability in Gophish, a popular open-source phishing toolkit. The vulnerability, which has a CVSS score of 7.1, allows authenticated users with the User role to upload a crafted Office document as an email template attachment, which can cause the server to run out of memory and terminate. This is possible because the ApplyTemplate() function in model [truncated]