CNNVD-202601-4686 Information
Jan 28, 2026
CNNVD ID
CNNVD-202601-4686
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
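OpenProject is open-source, web-based project management software from OpenProject. OpenProject versions from 17.0.0 up to, but not including, 17.0.2 contain a data forgery vulnerability. The vulnerability stems from the BlockNote editor extension not properly validating work package IDs, which may lead to arbitrary GET requests.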
Description (English)
OpenProject is open-source, web-based project management software from OpenProject. OpenProject versions 17.0.0 through those before 17.0.2 have a data forgery vulnerability caused by the BlockNote editor extension failing to correctly validate work package IDs, which could lead to arbitrary GET requests.
Hazard Level
High
Vulnerability Type
Data forgery issue
Affected Vendor
OpenProject
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/opf/op-blocknote-extensions/releases/tag/v0.0.22
https://github.com/opf/openproject/security/advisories/GHSA-35c6-x276-2pvc
https://access.redhat.com/security/cve/cve-2026-24775
Patch
https://github.com/opf/openproject/releases