CVE-2026-56765 - Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR
CVE ID :CVE-2026-56765 Published : July 10, 2026, 3:16 p.m. | 1 hour, 16 minutes ago Description :Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares....