Back to CVE List

CVE-2026-33473

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.7 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Vulnerability Description

Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-287
Source
GitHub
Vendor
go
Product
code.vikunja.io/api

External References

Discussion (0)

Add Comment

No comments yet. Be the first!