4 matches found

OSV
added 2026/03/24 3:46 p.m., 3 views

CVE-2026-33679 Vikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF Protections

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their...

CVSS 6.4 | AI score 6.5 | EPSS 0.00395
Exploits: 1 | References: 5
Vulnrichment
added 2026/03/24 3:46 p.m., 4 views

CVE-2026-33679 Vikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF Protections

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their...

CVSS 6.4 | AI score 5.9 | EPSS 0.00395
Exploits: 1 | References: 3
Cvelist
added 2026/03/24 3:46 p.m., 19 views

CVE-2026-33679 Vikunja has SSRF via OpenID Connect Avatar Download that Bypasses Webhook SSRF Protections

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DownloadImage function in pkg/utils/avatar.go uses a bare http.Client with no SSRF protection when downloading user avatar images from the OpenID Connect picture claim URL. An attacker who controls their...

CVSS 6.4 | EPSS 0.00395
Exploits: 1 | References: 3
CVE
added 2026/03/24 3:46 p.m., 10 views

CVE-2026-33679

Vikunja Open Source (self-hosted task manager) contains an SSRF vulnerability in the avatar download path. Before version 2.2.1, DownloadImage (pkg/utils/avatar.go) uses a bare http.Client with no SSRF protection when fetching the user’s OpenID Connect picture URL, enabling an attacker-controlled...

CVSS 7.4 | AI score 5.9 | EPSS 0.00395
Exploits: 1 | References: 3 | Affected Software: 1