CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the `LinkSharing.ReadAll()` method allows users authenticated via a link share to list all link shares for a project, including their secret hashes. While `LinkSharing.CanRead()` correctly blocks link share users from reading individual shares via `ReadOne`, the `ReadAllWeb` handler bypasses this check by never calling `CanRead()`. An attacker holding a read-only link share can therefore retrieve the hashes of write or admin link shares on the same project and authenticate with them, escalating to full admin access. Version 2.2.2 patches the issue.
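The bug class described above, a list endpoint that skips the per-object permission check its single-object sibling applies, is easy to see in a small model. The following Go program is an added illustration, not Vikunja's code: the `Principal`, `Store`, `canReadShares`, `listSharesUnchecked` and `listShares` names and the in-memory data are constructed for this example. It places the unchecked listing beside the hardened form, where the caller's identity is checked before any share record (and its bearer hash) is read.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed model of the access-control pattern in the advisory. Not Vikunja's
// code: type and function names here are assumptions chosen for this illustration.

// PrincipalKind distinguishes normal users from callers who authenticated by
// presenting a link-share hash.
type PrincipalKind int

const (
	KindUser      PrincipalKind = iota // a normal authenticated user
	KindLinkShare                      // a caller authenticated via a link-share hash
)

// Principal is whoever is making the request.
type Principal struct {
	Kind PrincipalKind
	ID   int64 // user ID, or the link share's ID when Kind == KindLinkShare
}

// Right is the access level a link share grants on its project.
type Right int

const (
	RightRead Right = iota
	RightWrite
	RightAdmin
)

// LinkShare is a share record. Hash is a bearer secret: anyone who reads it
// can authenticate with the share's rights, which is why listing it matters.
type LinkShare struct {
	ID        int64
	ProjectID int64
	Right     Right
	Hash      string
}

var ErrForbidden = errors.New("forbidden")

// Store holds shares and project ownership (constructed in-memory data).
type Store struct {
	shares []LinkShare
	owner  map[int64]int64 // projectID -> owning user ID
}

// canReadShares is the check the advisory says the single-object path applied
// and the list path skipped: link-share callers never get to enumerate shares,
// and ordinary users must own the project.
func (s *Store) canReadShares(p Principal, projectID int64) bool {
	if p.Kind == KindLinkShare {
		return false
	}
	return s.owner[projectID] == p.ID
}

// listSharesUnchecked is the bug class: it filters by the project ID from the
// request but never asks who the caller is, so every share hash comes back.
func (s *Store) listSharesUnchecked(projectID int64) []LinkShare {
	var out []LinkShare
	for _, sh := range s.shares {
		if sh.ProjectID == projectID {
			out = append(out, sh)
		}
	}
	return out
}

// listShares is the hardened form: the permission check runs before any data is read.
func (s *Store) listShares(p Principal, projectID int64) ([]LinkShare, error) {
	if !s.canReadShares(p, projectID) {
		return nil, ErrForbidden
	}
	return s.listSharesUnchecked(projectID), nil
}

// newDemoStore builds constructed sample data: project 42 owned by user 1,
// with one read, one write and one admin share (hashes are placeholders).
func newDemoStore() *Store {
	return &Store{
		owner: map[int64]int64{42: 1},
		shares: []LinkShare{
			{ID: 10, ProjectID: 42, Right: RightRead, Hash: "hash-read-PLACEHOLDER"},
			{ID: 11, ProjectID: 42, Right: RightWrite, Hash: "hash-write-PLACEHOLDER"},
			{ID: 12, ProjectID: 42, Right: RightAdmin, Hash: "hash-admin-PLACEHOLDER"},
		},
	}
}

func main() {
	s := newDemoStore()
	readOnlyShare := Principal{Kind: KindLinkShare, ID: 10}
	owner := Principal{Kind: KindUser, ID: 1}

	// Without the check, a read-only share caller receives all three records, hashes included.
	fmt.Printf("unchecked: %d shares returned regardless of caller\n", len(s.listSharesUnchecked(42)))

	if _, err := s.listShares(readOnlyShare, 42); err != nil {
		fmt.Println("checked, link-share caller:", err)
	}
	shares, _ := s.listShares(owner, 42)
	fmt.Printf("checked, project owner: %d shares\n", len(shares))
}
```

The design point is that the list handler reuses the same predicate as the single-object handler rather than carrying its own (or no) check; when both paths share one `canReadShares`, a rule added for `ReadOne` cannot silently fail to apply to `ReadAll`.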
Analysis
Vikunja, an open-source self-hosted task management platform, contains an authorization bypass vulnerability that allows attackers with read-only link share access to escalate privileges to full admin access. The ReadAllWeb handler fails to enforce proper access controls when listing link shares, exposing secret hashes for higher-privilege shares. …
Remediation
Within 24 hours: inventory all Vikunja deployments and identify instances running versions prior to 2.2.2; disable or restrict link sharing features if possible. Within 7 days: apply vendor patch to version 2.2.2 or later across all affected systems, prioritizing production environments. …
EUVD-2026-14925
GHSA-8hp8-9fhr-pfm9