CVE-2026-28268
The CVE concerns Vikunja, an open-source self-hosted task management platform. Affected component: vikunja/api password reset mechanism. Root cause: password reset tokens are not invalidated after use and a token cleanup cron bug allows reset tokens to remain valid indefinitely. Impact: an attack...