CVE-2026-56765
CRITICAL
NVD
CVSS Score
9.8
Severity
CRITICAL
Published
Jul 10, 2026
Vendor
unknown
Description
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches attachments by sequential ID without verifying ownership, allowing attackers to download and delete all file attachments across all projects instance-wide.