CVE-2026-28511: eLabFTW: IDOR exposes restricted resource titles

MEDIUM
Published June 1, 2026
CISO Take

eLabFTW, an open-source electronic lab notebook used in research and AI/ML environments, contains an authorization flaw where authenticated users with no special privileges can retrieve titles of resources they are not permitted to access by performing numeric reference searches. While content-level access controls remain intact, titles alone can expose sensitive data — project codenames, patient cohort identifiers, proprietary AI research topics, or regulated dataset names — with direct implications for GDPR, HIPAA, and internal data classification policies. With CVSS 4.3, no KEV listing, and no public exploit, this is not a fire drill, but the trivially low exploitation barrier (any valid account, no complexity) makes insider threat and supply-chain-adjacent scenarios realistic for research-heavy organizations. Upgrade to version 5.4.2 immediately; no workaround is available short of restricting authenticated access to trusted networks.

Sources: NVD, GitHub Advisory, ATLAS

What is the risk?

Medium risk. The vulnerability requires only a low-privilege authenticated account, operates over the network with low complexity and no user interaction, and is trivial to exploit. The blast radius is constrained to title-level information disclosure — no content access is granted. However, in AI/ML research contexts titles are often information-dense and may leak intellectual property, experiment identifiers, or regulated identifiers. The absence of active exploitation evidence and public exploits moderates urgency, but any authenticated insider can weaponize this immediately after login.

Attack Kill Chain

Initial Access
Attacker authenticates to eLabFTW using a valid low-privilege account such as a collaborator, contractor, or guest role.
AML.T0012
Enumeration
Attacker performs sequential numeric reference searches via the search interface, iterating over resource IDs across teams or groups they do not belong to.
AML.T0036
Data Collection
Search results return titles of restricted resources the attacker is not authorized to view, exposing project names, experiment identifiers, or regulated data labels.
AML.T0025
Impact
Attacker maps the organization's AI research landscape from harvested titles, enabling competitive intelligence, targeted social engineering, or identification of high-value targets for follow-on attacks.
AML.T0048

Severity & Risk

CVSS 3.1
4.3 / 10
EPSS
0.0%
chance of exploitation in 30 days
Higher than 8% of all CVEs
Exploitation Status
No known exploitation
Sophistication
Trivial

Attack Surface

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): None
Availability (A): None

What should I do?

5 steps
  1. Upgrade eLabFTW to version 5.4.2 — the only confirmed fix.

  2. Prior to patching, audit search and API access logs for sequential numeric enumeration patterns that may indicate prior exploitation.

  3. As defense-in-depth, review resource title naming conventions to ensure titles do not embed regulated identifiers (PII, patient IDs, proprietary codenames).

  4. Restrict eLabFTW instance access to VPN or internal networks to limit the network attack surface.

  5. Enable audit logging for search operations to detect future enumeration attempts post-patch.
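Steps 2 and 5 both come down to spotting one account issuing runs of consecutive numeric searches. The following is an added illustration, not eLabFTW code or output: the log format, the `/api/v2/items` path and the threshold values are assumptions, and the log lines are constructed.

```python
"""Flag runs of sequential numeric-reference searches by a single user."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real eLabFTW output). Assumed format:
# <ISO timestamp> user=<id> path=<endpoint> q=<search term>
SAMPLE_LOG = """\
2026-06-01T09:00:01Z user=17 path=/api/v2/items q=oncology
2026-06-01T09:00:05Z user=42 path=/api/v2/items q=1201
2026-06-01T09:00:06Z user=42 path=/api/v2/items q=1202
2026-06-01T09:00:07Z user=42 path=/api/v2/items q=1203
2026-06-01T09:00:08Z user=42 path=/api/v2/items q=1204
2026-06-01T09:00:09Z user=42 path=/api/v2/items q=1205
2026-06-01T09:00:10Z user=42 path=/api/v2/items q=1206
2026-06-01T09:10:00Z user=17 path=/api/v2/items q=88
2026-06-01T09:30:00Z user=17 path=/api/v2/items q=89
"""


def parse_line(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_enumeration(log_text, min_run=5, max_gap=timedelta(minutes=5), max_stride=3):
    """Return (user, first_id, last_id, count) for every run of increasing
    numeric searches by one user with small ID strides and short time gaps.
    Non-numeric searches are ignored; a long pause or a large jump ends a run."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["q"].isdigit():
            per_user[rec["user"]].append((rec["ts"], int(rec["q"])))
    alerts = []
    for user, events in per_user.items():
        events.sort()
        run = [events[0]]
        for ev in events[1:] + [None]:  # trailing None flushes the last run
            prev = run[-1]
            if ev is not None and 0 < ev[1] - prev[1] <= max_stride and ev[0] - prev[0] <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_run:
                alerts.append((user, run[0][1], run[-1][1], len(run)))
            if ev is not None:
                run = [ev]
    return alerts


if __name__ == "__main__":
    for user, first, last, n in find_enumeration(SAMPLE_LOG):
        print(f"user {user}: {n} sequential numeric searches, IDs {first}-{last}")
```

User 17's two numeric searches are twenty minutes apart and fall under the threshold, so only user 42's six-ID sweep is reported; tune `min_run` and `max_gap` to the instance's normal search volume.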

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
Article 10 - Data and data governance
ISO 42001
A.6.2.1 - Information access restriction
NIST AI RMF
GOVERN 1.6 - Policies and procedures for AI risk management
OWASP LLM Top 10
LLM06 - Sensitive Information Disclosure

Frequently Asked Questions


Is CVE-2026-28511 actively exploited?

No confirmed active exploitation of CVE-2026-28511 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-28511?

  1. Upgrade eLabFTW to version 5.4.2 — the only confirmed fix.

  2. Prior to patching, audit search and API access logs for sequential numeric enumeration patterns that may indicate prior exploitation.

  3. As defense-in-depth, review resource title naming conventions to ensure titles do not embed regulated identifiers (PII, patient IDs, proprietary codenames).

  4. Restrict eLabFTW instance access to VPN or internal networks to limit the network attack surface.

  5. Enable audit logging for search operations to detect future enumeration attempts post-patch.

What systems are affected by CVE-2026-28511?

This vulnerability affects the following AI/ML architecture patterns: AI research platforms, Research data repositories, ML experiment tracking systems.

What is the CVSS score for CVE-2026-28511?

CVE-2026-28511 has a CVSS v3.1 base score of 4.3 (MEDIUM). The EPSS exploitation probability is 0.03%.

AI Security Impact

Affected AI Architectures

AI research platforms
Research data repositories
ML experiment tracking systems

MITRE ATLAS Techniques

AML.T0025 Exfiltration via Cyber Means
AML.T0036 Data from Information Repositories
AML.T0049 Exploit Public-Facing Application

Compliance Controls Affected

EU AI Act: Article 10
ISO 42001: A.6.2.1
NIST AI RMF: GOVERN 1.6
OWASP LLM Top 10: LLM06

Technical Details

Original Advisory

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited (only the title). Attempts to access the underlying protected resource content remain blocked by authorization checks. Version 5.4.2 fixes the issue.

Affected Scope
Cross-scope visibility of titles. No confirmed bypass of content-level access controls.

Preconditions
An authenticated user account. No special privileges required beyond standard access.

Impact
This may enable unauthorized disclosure of sensitive information if confidential data is included in resource titles. Examples could include project names, patient identifiers, or other regulated information embedded in titles.

Exploitation Scenario

An authenticated collaborator account (e.g., a contractor or visiting researcher) performs sequential numeric reference searches against the eLabFTW search or API endpoint — iterating resource IDs across teams or groups they do not belong to. Despite lacking read authorization on those resources, the search results return titles of restricted experiments. The attacker harvests these titles to reconstruct the organization's AI research portfolio, identify high-value targets (e.g., 'LLM fine-tuning on oncology dataset Phase 2'), correlate findings with public information for competitive intelligence, or craft highly targeted spear-phishing lures against research team members named in or associated with those projects.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Timeline

Published
June 1, 2026
Last Modified
June 2, 2026
First Seen
June 1, 2026

Related Vulnerabilities