Threats Tagged 'cve-2026-44735'
View all threats tagged with 'cve-2026-44735'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-44735'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-44735: CWE-863: Incorrect Authorization in opf openprojectCVE-2026-44735 0 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the view_shared_work_packages permission. The authorization check operates at the project level only — it does not verify the requesting user can actually view each individual shared work package. This allows a regular project member to discover work package IDs and subjects (including confidential titles), which users have been granted shared access, what role level was assigned (Editor, Commenter, Viewer). This vulnerability is fixed in 17.3.2 and 17.4.0. Join the discussion | CVE Database V5 | 06/26/2026, 19:32:21 UTC Added: 06/26/2026, 20:07:31 UTC |
Showing 1 to 1 of 1 result