CVE-2026-59097 Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets
Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...