Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/20 3:12 p.m.3 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00174EPSS
Exploits1References2
CVE
CVE
added 2026/04/20 3:12 p.m.23 views

CVE-2026-40896

CVE-2026-40896 concerns OpenProject before version 17.3.0, where a user with the low-privilege permission manage_agendas in any project can inject agenda items into meetings across other projects due to an unscoped section lookup vulnerability. The attack does not require knowledge of the target ...

7.1CVSS5.8AI score0.00174EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/20 3:12 p.m.28 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS0.00174EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

OpenProject 安全漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.3.0 had security vulnerabilities. These vulnerabilities stemmed from the ability of users with manage-agendas permissions to insert agenda items into meetings of arbitrary projects, potentiall...

7.1CVSS5.9AI score0.00174EPSS
Exploits1References1
Rows per page
Query Builder