Known Vulnerabilities for products from Vikunja

Listed below are 14 of the newest known vulnerabilities associated with the vendor "Vikunja".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-40103 json Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for cu... Not Provided 2026-04-10 2026-04-17
CVE-2026-35602 json Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the att... Not Provided 2026-04-10 2026-04-17
CVE-2026-35601 json Not Provided 2026-04-10 2026-04-13
CVE-2026-35600 json Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdo... Not Provided 2026-04-10 2026-04-17
CVE-2026-35599 json Not Provided 2026-04-10 2026-04-10
CVE-2026-35598 json Not Provided 2026-04-10 2026-04-14
CVE-2026-35597 json Not Provided 2026-04-10 2026-04-13
CVE-2026-35596 json Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL ... Not Provided 2026-04-10 2026-04-17
CVE-2026-35595 json Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_per... Not Provided 2026-04-10 2026-04-17
CVE-2026-35594 json Not Provided 2026-04-10 2026-04-14
CVE-2026-34727 json Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT t... Not Provided 2026-04-10 2026-04-20
CVE-2026-33700 json Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `DELETE /api/v1/projects/:project... Not Provided 2026-03-24 2026-03-30
CVE-2026-33680 json Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the `LinkSharing.ReadAll()` method al... Not Provided 2026-03-24 2026-03-30
CVE-2026-33679 json Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the `DownloadImage` function in `pkg/... Not Provided 2026-03-24 2026-03-30
CVE-2026-33678 json Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, `TaskAttachment.ReadOne()` queries at... Not Provided 2026-03-24 2026-03-30