CVE-2026-4045

Name of the Vulnerable Software and Affected Versions projectsend versions prior to r1946

Description A flaw exists in projectsend up to revision r1945. This impacts an unknown function within the includes/Classes/Auth.php file. Manipulating the ldap email argument can cause an observable discrepancy in the response. The attack can be executed remotely and is associated with a high level of complexity. The exploit has been published. The vendor was contacted regarding this issue but did not respond.

Recommendations Update projectsend to version r1946 or later.