CVE ID :CVE-2026-5022 Published : March 27, 2026, 3:17 p.m. | 29 minutes ago Description :The '/api/v1/files/images/{flow_id}/{file_name}' endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...