CVE-2026-52784

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fixed in 17.3.3 and 17.4.1.
Configurations

No configuration.

History

26 Jun 2026, 20:20

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-26 20:17

Updated : 2026-06-26 20:20


NVD link : CVE-2026-52784

Mitre link : CVE-2026-52784

CVE.ORG link : CVE-2026-52784


JSON object : View

Products Affected

No product.

CWE
CWE-352

Cross-Site Request Forgery (CSRF)