What is the CVSS score of CVE-2026-27949?

CVE-2026-27949 has a CVSS 3.1 base score of 2.0 (Low). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-27949?

Yes, a patch is available for CVE-2026-27949. Update the affected software to the latest version immediately.

Plane CVE-2026-27949

EUVD-2026-19935 LOW

Information Exposure (CWE-200)

2026-04-07 security-advisories@github.com

Information Disclosure Plane

2.0

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

2.0 LOW

AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

1.3.0

EUVD ID Assigned

Apr 07, 2026 - 21:22 euvd

EUVD-2026-19935

Analysis Generated

Apr 07, 2026 - 21:22 vuln.today

CVE Published

Apr 07, 2026 - 21:17 nvd

LOW 2.0

DescriptionGitHub Advisory

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted). Transmitting personally identifiable information (PII) via GET request query strings is classified as an insecure design practice. The affected code path is located in the authentication utility module (packages/utils/src/auth.ts). This vulnerability is fixed in 1.3.0.

AnalysisAI

Plane project management tool versions prior to 1.3.0 leak user email addresses in authentication error URLs, transmitting personally identifiable information via unencrypted GET query parameters. The vulnerability requires high-privilege access and user interaction to trigger, exposing email disclosure with low confidentiality impact and no integrity or availability consequences. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Despite a CVSS score of 2.0, this vulnerability represents genuine security debt in a multi-user SaaS-capable platform. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An administrator monitoring Plane authentication logs or a proxy logging HTTP traffic observes a user's authentication error URL containing their email address as a query parameter (e.g., ?email=user@example.com). The email is then visible in web server access logs, browser history caches, or CDN logs, enabling email address enumeration attacks or phishing targeting of user account recovery flows. …
Remediation	Upgrade Plane to version 1.3.0 or later, which includes the patched authentication utility module that removes email addresses from URL query parameters during error handling. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-10850 MEDIUM This Month

6.9 Jun 17

Stored cross-site scripting in Plane CE 1.3.1 allows an authenticated low-privileged project member to inject arbitrary

CVE-2026-27949 vulnerability details – vuln.today

Back