CVE-2026-29789

Summary: Vito (self-hosted web app) suffers a cross-project privilege escalation due to a missing authorization check in workflow site-creation actions. Affected versions: prior to 3.20.3. Impact: an authenticated user with workflow write access in one project can create/manage sites on servers b...