CVE-2026-22603
OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint /account/changepassword was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker...