Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.
https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-sensitive-data-exposure
https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30994