CVE-2026-27819

Vikunja prior to 2.0.0 contains a path traversal vulnerability in the CLI restore path. The restore.go logic in go-vikunja/vikunja uses the ZIP entry’s Name directly in os.OpenFile calls without validating paths, allowing a malicious ZIP to escape the intended extraction directory and overwrite a...