CVE-2026-22605
OpenProject (web-based project management) versions prior to 16.6.3 are vulnerable to an insecure direct object reference in meetings. Users with View Meetings permission on any project could access meeting details from projects they do not have access to. This has been patched in version 16.6.3;...