CNNVD-202601-1769 Information

CNNVD ID

CNNVD-202601-1769

Related CVE

CVE-2026-22601

• CNNVD Published: 2026-01-10

Description (Chinese)

OpenProject是OpenProject开源的一个基于Web的项目管理软件。 OpenProject 16.6.1及之前版本存在命令注入漏洞，该漏洞源于注册管理员可通过配置sendmail二进制路径并发送测试电子邮件来执行任意命令。

Description (English)

OpenProject is a Web-based project management software from OpenProject Open Source. OpenProject 16.6.1 and previous versions of the commands injected a loophole, which resulted from the fact that the registrar can execute any command by configuring the sendmail binary path and sending a test e-mail.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

OpenProject

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/opf/openproject/releases/tag/v16.6.2 https://github.com/opf/openproject/security/advisories/GHSA-9vrv-7h26-c7jc

Patch

https://github.com/opf/openproject/releases