CNNVD-202601-4733 Information
Jan 28, 2026
CNNVD ID
CNNVD-202601-4733
Related CVE
- CNNVD Published: 2026-01-28
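Description (Chinese, translated)
OpenProject is web-based project management software released as open source by OpenProject. OpenProject versions before 16.6.6 and before 17.0.2 contain a command injection vulnerability, which stems from an arbitrary file write in the repository diff download endpoint and may lead to data loss and denial of service.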
Description (English)
OpenProject is open-source, web-based project management software from OpenProject. OpenProject versions prior to 16.6.6 and prior to 17.0.2 contain a command injection vulnerability. It stems from an arbitrary file write in the repository diff download endpoint and could lead to data loss and denial of service.
Hazard Level
High
Vulnerability Type
Command injection
Affected Vendor
OpenProject
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/opf/openproject/security/advisories/GHSA-74p5-9pr3-r6pw
https://access.redhat.com/security/cve/cve-2026-24685
Patch
https://github.com/opf/openproject/releases