Learn how to report security issues - Read Ibexa's security policy - Check out our security blog posts - Security Reporters Hall of Fame
IBEXA-SA-2026-002: "access_control" in security.yaml not working
IBEXA-SA-2026-001: Insufficient main landing page access control
IBEXA-SA-2025-005: Password change and XSS vulnerabilities in back office
IBEXA-SA-2025-004: XSS and enumeration vulnerabilities in back office
IBEXA-SA-2025-003: XSS vulnerabilities in back office
IBEXA-SA-2025-002: XXE vulnerability in RichText
IBEXA-SA-2025-001: Vulnerabilities in shopping cart and publish unscheduling
