juice-shop CVE Debriefs

MEDIUM juice-shop CVE published 2026-06-15

CVE-2026-48518

CVE-2026-48518 is a medium-severity vulnerability in MultiJuicer, a tool for running separate Juice Shop instances on a central Kubernetes cluster. Versions 8.0.0 through 10.0.0 of MultiJuicer contain a cross-site request forgery (CSRF) vulnerability in the team join endpoint (POST /multi-juicer/api/teams/{team}/join). This endpoint accepted requests with any Content-Type, including text/plain, which does [truncated]

juice-shop CVE debriefs

CVE-2026-48518