CVE-2026-55445
Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite'/open/', '/api/$1' rewrites the whitelisted /open/ path after JWT...