Vulnerabilities

CVE-2026-27116

by Fred · 25/02/2026

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the `filter` URL parameter is rendered into the DOM without output encoding when the user clicks “Filter.” While `

`, ``, ``) render without restriction — enabling SVG-based phishing buttons, external redirect links, and content spoofing within the trusted application origin. Version 2.0.0 fixes this issue.

More information : https://github.com/go-vikunja/vikunja/security/advisories/GHSA-4qgr-4h56-8895

Share this:
X
Bluesky
Facebook
LinkedIn
Threads
Mastodon

Similar

Tags: Cybersecurity Alert

Next story CVE-2026-27148

Previous story CVE-2026-26986

Search for:

Recent Posts

CVE-2026-7647

CVE-2026-7049

CVE-2026-6916

CVE-2026-6812

CVE-2026-6447

CVE-2026-5113

CVE-2026-5112

CVE-2026-5111

CVE-2026-5110

CVE-2026-5109

CVE-2026-7641

CVE-2026-7604

CVE-2026-7603

CVE-2026-7458

CVE-2026-6963

CVE-2026-6446

CVE-2026-4882

CVE-2026-4658

CVE-2026-7638

CVE-2026-7602

CVE-2026-7209

CVE-2026-6378

CVE-2026-7601

CVE-2026-43824

CVE-2026-7600

CVE-2026-7599

CVE-2026-7598

CVE-2026-7597

CVE-2026-7596

CVE-2026-7595

Categories

Critical cyberalert

Vulnerabilities

Tags
CISA Cybersecurity Alert Shields Up

© 1999-2026 NUYTSTECH. All Rights Reserved. Use of the CVE (Common Vulnerabilities and Exposures) from this non-profit website are subject to the terms of use.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.