PT-2026-31953
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.3.0 Description: The Vikunja file import endpoint incorrectly uses the attacker-controlled Size field from the JSON metadata within an import zip file instead of the actual decompressed file content length for file...