CVE-2026-29789 - Vito: Cross-project privilege escalation in workflow site-creation actions allow...

CVE ID :CVE-2026-29789 Published : March 6, 2026, 8:35 p.m. | 38 minutes ago Description :Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...