PT-2026-22224 · Unknown · Initiative

Highjordandrakop

Published

2026-02-26

Updated

2026-03-03

CVE-2026-28276

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Initiative versions prior to 0.32.2

Description An access control issue exists in Initiative, a self-hosted project management platform. Uploaded documents are served from a publicly accessible /uploads/ directory without authentication or authorization checks. This allows unauthenticated users to access any uploaded file directly via its URL, potentially leading to the disclosure of sensitive documents.

Recommendations Update to version 0.32.2 or later.

Exploit

Fix

Missing Authorization

Information Disclosure

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200CWE-284

Related Identifiers

CVE-2026-28276

GHSA-W34J-FX72-H2PQ

Affected Products

Initiative

PT-2026-22224 · Unknown · Initiative

CVE-2026-28276

Weakness Enumeration

Related Identifiers

Affected Products

References · 8