Vulnerabilities

CVE-2026-23721 - OpenProject users with

2026-01-19 0 views admin

CVE ID : CVE-2026-23721 Published : Jan. 19, 2026, 5:52 p.m. | 21 minutes ago Description : OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, due to a failed permission check, if a user had the View Members permission in any project, they could enumerate all Groups and view which other users are part of the group. The issue has been fixed in OpenProject 17.0.1 and 16.6.5. No known workarounds are available. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-23721

Published

Jan. 19, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-23721

CVE-2026-23721 - OpenProject users with

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-23838 - Tandoor Recipes module allows SQLite database to be externally accessible with t...

CVE-2026-1172 - birkir prime GraphQL Directive graphql denial of service

CVE-2026-1171 - birkir prime GraphQL Field graphql denial of service

CVE-2025-69198 - Pterodactyl's improper resource locking allows raced queries to create more reso...

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3