CVE-2026-28275
CVE-2026-28275 affects the self-hosted project management platform Initiative . Versions prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password, allowing older tokens to remain valid until expiration and continue to access protected API endpoints...