CVE-2026-24776

Medium CVSS: 4.3

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting (or is the backlog, in case of recurring meetings). This allowed an attacker to move a meeting agenda item into a different meeting. The attacker did not get access to meetings, but they could add arbitrary agenda items, that could cause confusions. The vulnerability is fixed in 17.0.2.

Vendor

Openproject

Product

Openproject

CWE

CWE-639

Yayın Tarihi

2026-02-06 18:15:58

Güncelleme

2026-02-23 18:14:32

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-639 Openproject MEDIUM Openproject 2026

Referanslar

https://github.com/opf/openproject/releases/tag/v17.0.2 https://github.com/opf/openproject/security/advisories/GHSA-p9v8-w9ph-hqmf

Benzer Kayıtlar

Critical

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2…

Critical

CVE-2026-32703

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 1…

Low

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (P…

Medium

CVE-2026-30235

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to…

Medium

CVE-2026-30236

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and…

Medium

CVE-2026-30239

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the wor…