2 matches found
CVE-2026-52780
OpenProject (open-source, web-based project management software) is affected by a cache store poisoning vulnerability that can lead to Remote Code Execution (RCE) before versions 17.3.3 and 17.4.1. The issue is resolved in 17.3.3 and 17.4.1. Affected component details and underlying root cause ar...
CVE-2026-52783
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...