Vulnerabilities in BOINC Server

Security researcher Raphaël Arrouas (Xel) identified zero-day vulnerabilities in the BOINC server and responsibly reported details through our Managed Bug Bounty Program.

 

Security analyst Michael Häseler coordinated the responsible disclosure procedure with the BOINC developers and the National Cyber Security Centre (NCSC). 

 

Details of these advisories:

CSNC-2025-002 / Multiple Reflected XSS Injections

CSNC-2025-003 / Stored XSS Injection

CSNC-2025-004 / Multiple SQL Injections

CSNC-2025-005 / Cross-Site Request Forgery