PT-2026-24739 · Git+2 · Openproject

Frozzipies

Published: 2026-03-11

Updated: 2026-03-15

CVE-2026-30235

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.2.0

Description: OpenProject is an open-source, web-based project management application. The flaw is improper validation during Markdown rendering, specifically in hyperlink handling. It allows an attacker to inject malicious hyperlink payloads that perform DOM clobbering. DOM clobbering can cause the entire page to crash or render blank: native DOM functions are overwritten with HTML elements, which leads to runtime errors during application initialization and halts further execution.

Recommendations: Update versions prior to 17.2.0 to version 17.2.0 or later.
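A general mitigation for the class of bug described above, as an added example that is not OpenProject's code or its 17.2.0 fix: namespace every user-supplied `id`/`name` on rendered links so it cannot shadow a DOM property the application reads at start-up. The `user-content-` prefix, the function names, the attribute-object shape and the sample reserved-name list are assumptions made for illustration.

```javascript
// Added example, not OpenProject code: all names below are hypothetical.
const PREFIX = 'user-content-';      // assumed namespace for user-supplied names
const NAMED_ATTRS = ['id', 'name'];  // attributes that expose an element as a named DOM property

// Constructed sample of names an application bundle commonly reads from the DOM
// at start-up. In a browser, the live `document` object is consulted as well.
const SAMPLE_RESERVED = new Set([
  'getElementById', 'querySelector', 'createElement', 'body', 'head',
  'cookie', 'location', 'forms', 'defaultView',
]);

function isReserved(value) {
  if (SAMPLE_RESERVED.has(value)) return true;
  return typeof document !== 'undefined' && value in document;
}

// attrs: plain object of attribute name -> value for one rendered <a> element,
// as a sanitizer hook might receive it (assumed shape).
// Returns the hardened attributes plus findings suitable for logging or alerting.
function hardenAnchor(attrs) {
  const safe = {};
  const findings = [];
  for (const [rawKey, rawValue] of Object.entries(attrs)) {
    const key = rawKey.toLowerCase();
    const value = String(rawValue);
    if (!NAMED_ATTRS.includes(key) || value.startsWith(PREFIX)) {
      safe[key] = value;               // not a naming attribute, or already namespaced
      continue;
    }
    if (isReserved(value)) findings.push({ attr: key, value });
    // Namespace every user-supplied name, reserved or not: a deny-list alone
    // cannot know which properties the application will look up.
    safe[key] = PREFIX + value;
  }
  return { attrs: safe, findings };
}

// Constructed inputs: a benign heading anchor and one whose id collides with a DOM method.
const benign = hardenAnchor({ href: '#setup', id: 'setup' });
const hostile = hardenAnchor({ HREF: 'https://example.test/', ID: 'getElementById' });
console.log(benign.attrs, hostile.attrs, hostile.findings);
```

The findings list is for detection only; the prefix is applied regardless, so a name missing from the reserved list is still neutralised.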

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2026-30235
GHSA-9RV2-9XV5-GPQ8

Affected products

Openproject