CVE-2026-33473
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.7 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vulnerability Description
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-287
Source
GitHub
Vendor
go
Product
code.vikunja.io/api
Discussion (0)
Add Comment
No comments yet. Be the first!