CVE-2026-33313 PUBLISHED CVSS 5.3 MEDIUM

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to. Version 2.2.0 fixes the issue.
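
The access-control gap described above, shown next to one way to close it. This is an added example, not Vikunja's code: the `Comment` type, the in-memory maps, both function names and the sample data are hypothetical, and binding the comment to the authorized task is an assumed fix, not the project's actual patch.

```go
package main

import (
	"errors"
	"fmt"
)

// Comment and the maps below are hypothetical stand-ins, not Vikunja's types.
type Comment struct {
	ID, TaskID int64
	Body       string
}

var ErrForbidden = errors.New("forbidden")
var ErrNotFound = errors.New("comment not found")

// Constructed sample data: user 7 may read task 1 only; comment 20 belongs to task 2.
var comments = map[int64]Comment{10: {10, 1, "public note"}, 20: {20, 2, "private note"}}
var canRead = map[int64]map[int64]bool{7: {1: true}}

// readCommentUnbound checks access to the task named in the URL, then loads
// the comment by ID alone, so the two values are never tied together.
func readCommentUnbound(userID, urlTaskID, commentID int64) (Comment, error) {
	if !canRead[userID][urlTaskID] {
		return Comment{}, ErrForbidden
	}
	c, ok := comments[commentID]
	if !ok {
		return Comment{}, ErrNotFound
	}
	return c, nil
}

// readCommentBound additionally requires the comment's own TaskID to equal the
// task that was authorized; a mismatch is reported as not found.
func readCommentBound(userID, urlTaskID, commentID int64) (Comment, error) {
	if !canRead[userID][urlTaskID] {
		return Comment{}, ErrForbidden
	}
	c, ok := comments[commentID]
	if !ok || c.TaskID != urlTaskID {
		return Comment{}, ErrNotFound
	}
	return c, nil
}

func main() {
	_, err := readCommentBound(7, 1, 20)
	fmt.Println("bound lookup of comment 20 via task 1:", err)
}
```

Returning the same not-found error for a mismatched parent avoids confirming that a comment ID exists on a task the caller cannot see.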

EPSS 0.03% · 7.1th percentile

Risk Scores

CVSS v4.0: 5.3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.03% (7.1th percentile)

Affected Products

Vendor           Product   Versions
go-vikunja       vikunja   < 2.2.0, < 2.2.0, < 2.2.0
code.vikunja.io  api       0, 0, 0
vikunja          vikunja   0, 0, 0
