PT-2026-22224 · Unknown · Initiative

High · jordandrakop · Published 2026-02-26 · Updated 2026-03-03 · CVE-2026-28276

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Initiative versions prior to 0.32.2

Description

An access control issue exists in Initiative, a self-hosted project management platform. Uploaded documents are served from a publicly accessible /uploads/ directory without authentication or authorization checks. This allows unauthenticated users to access any uploaded file directly via its URL, potentially leading to the disclosure of sensitive documents.

Recommendations

Update to version 0.32.2 or later.

Exploit

Fix

Missing Authorization

Information Disclosure

Improper Access Control


Weakness Enumeration

Related Identifiers

CVE-2026-28276
GHSA-W34J-FX72-H2PQ

Affected Products

Initiative