PT-2026-22223 · Unknown · Initiative

G3Xar · Published 2026-02-26 · Updated 2026-03-03 · CVE-2026-28275

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Initiative versions prior to 0.32.4

Description

Initiative, a self-hosted project management platform, does not invalidate previously issued JWT access tokens after a user changes their password. This allows older tokens to remain valid until their expiration, enabling continued authenticated access to protected API endpoints even after a password update. The vulnerable component is related to JWT (JSON Web Token) access token handling.

Recommendations

Update to version 0.32.4 or later.
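
The weakness described above comes down to a validator that checks only the token's signature and expiry. The following Python sketch is an added example, not Initiative's code and not the change shipped in 0.32.4; the function names, the `password_changed_at` map and the signing key are assumptions made for illustration. It contrasts that validator with one that also rejects tokens whose `iat` predates the user's last password change.

```python
# Added illustration; not Initiative's code. All names here are hypothetical.
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed signing key for this example only

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, now, ttl=3600):
    """Issue an HS256 JWT carrying sub, iat and exp (Unix seconds)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def _verified_claims(token, now):
    """Return the claims if signature, algorithm and expiry check out, else None."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    return claims if now < claims.get("exp", 0) else None

def accept_stateless(token, now):
    """Behaviour the advisory describes: nothing ties the token to credential state."""
    return _verified_claims(token, now) is not None

def accept_with_cutoff(token, now, password_changed_at):
    """Also reject tokens issued before the user's most recent password change."""
    claims = _verified_claims(token, now)
    if claims is None:
        return False
    # password_changed_at: user -> Unix time of last change (a server-side lookup).
    cutoff = password_changed_at.get(claims.get("sub"), 0)
    # Second-granularity comparison: a token minted in the same second still passes.
    return claims.get("iat", 0) >= cutoff
```

The cutoff check needs one server-side lookup per request, which is the cost of revoking otherwise stateless tokens before they expire.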

Exploit

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2026-28275
GHSA-HWW6-3FWW-XW3H

Affected Products

Initiative