CRITICAL
Vikunja
CVE published 2026-07-10
CVE-2026-56765
A critical vulnerability was discovered in Vikunja, a project management platform, which allows for permission escalation and unauthorized access to file attachments across all projects instance-wide. The vulnerability is caused by an authorization flaw in the LinkSharing.ReadAll endpoint and insecure handling of task IDs in the GetTaskAttachment endpoint. This flaw enables attackers to escalate privilege [truncated]