CVE-2026-28275 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after…
High CVSS: 8.1

CVE-2026-28275

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API endpoints. This behavior allows continued authenticated access even after the account password has been updated. Version 0.32.4 fixes the issue.
Vendor
Morelitea
Product
Initiative
CWE
CWE-613
Yayın Tarihi
2026-02-26 23:16:37
Güncelleme
2026-02-27 19:07:07
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-613 Initiative HIGH Morelitea 2026

Referanslar

https://github.com/Morelitea/initiative/releases/tag/v0.32.4 https://github.com/Morelitea/initiative/security/advisories/GHSA-hww6-3fww-xw3h