CNNVD-202601-1770 Information

CNNVD ID

CNNVD-202601-1770

Related CVE

CVE-2026-22605

• CNNVD Published: 2026-01-10

Description (Chinese)

OpenProject是OpenProject开源的一个基于Web的项目管理软件。 OpenProject 16.6.3之前版本存在访问控制错误漏洞，该漏洞源于访问控制不当，可能导致越权访问会议详情。

Description (English)

OpenProject is a Web-based project management software from OpenProject Open Source. Prior to the OpenProject 16.6.3, there was a bug in access control, which stemmed from inappropriate access controls, which could lead to ultra vires access to conference details.

Hazard Level

High

Vulnerability Type

访问控制错误

Affected Vendor

OpenProject

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/opf/openproject/releases/tag/v16.6.3 https://github.com/opf/openproject/security/advisories/GHSA-fq4m-pxvm-8x2j

Patch

https://github.com/opf/openproject/releases