CNNVD-202601-3024 Information

CNNVD ID

CNNVD-202601-3024

CVE-2026-23646

  • CNNVD Published: 2026-01-19

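Description (translated from Chinese)

OpenProject is open-source, web-based project management software from OpenProject. OpenProject versions before 16.6.5 and before 17.0.1 contain a security vulnerability. It stems from not verifying which user a session belongs to when the session is deleted, which may allow an unauthenticated user to terminate other users' sessions.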

Description (English)

OpenProject is open-source, web-based project management software from OpenProject. Versions of OpenProject before 16.6.5 and before 17.0.1 contain a security vulnerability: when a session is deleted, the application does not verify which user the session belongs to, so an unauthenticated user may be able to terminate another user's session.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

OpenProject

Published

2026-01-19

Last Modified

2026-02-24

References

  • https://github.com/opf/openproject/releases/tag/v16.6.5
  • https://github.com/opf/openproject/security/advisories/GHSA-w422-xf8f-v4vp
  • https://github.com/opf/openproject/releases/tag/v17.0.1
  • https://access.redhat.com/security/cve/cve-2026-23646

Patch

https://github.com/opf/openproject/releases
