Tag

Directus

1 brief RSS

Directus Aggregate Query Vulnerability Allows Disclosure of Concealed Data

A vulnerability in Directus versions prior to 11.17.0 allows authenticated users to extract concealed field values, including static API tokens and two-factor authentication secrets from directus_users, via aggregate queries.

directus vulnerability credential-access api-token 2fa-bypass

2r 1t Apr 4, 2026