4.3

CVE-2026-22605

EPSS 0.19%
Veröffentlicht 10.01.2026 01:07:10
Zuletzt bearbeitet 14.01.2026 22:27:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OpenProject is Vulnerable to Insecure Direct Object Reference in Meetings

OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has been patched in version 16.6.3.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openproject ≫ Openproject Version < 16.6.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.091

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/opf/openproject/security/advisories/GHSA-fq4m-pxvm-8x2j

Patch

Vendor Advisory

https://github.com/opf/openproject/releases/tag/v16.6.3

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-22605

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22605

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22605

EUVD