CVE-2026-35462 — Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — r — CVE Database · The Intelligence Room