CyberRota
← Ana sayfaya dön

CVE-2026-56765

CRITICAL · CVSS 9.8 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-10T15:16:43.727 · Çekilme zamanı: 2026-07-10T18:27:16.498550+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-56765
Severity
CRITICAL
CVSS
9.8
EPSS
Yok

Orijinal NVD Açıklaması

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all file attachments across all projects instance-wide.