PT-2026-24917 · Git · Projectsend
Lighthousekeeper1212 · Published 2026-03-12 · Updated 2026-03-12 · CVE-2026-3977
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
projectsend versions prior to r1946
Description
A security issue has been identified in projectsend in the AJAX Endpoints component. An unknown function of this component is missing an authorization check, which allows remote exploitation. Manipulation of the AJAX Endpoints component can lead to unauthorized access. The patch identifier for this issue is 35dfd6f08f7d517709c77ee73e57367141107e6b.
Recommendations
Deploy the patch with identifier 35dfd6f08f7d517709c77ee73e57367141107e6b.
Fix
Missing Authorization
Incorrect Authorization
Related Identifiers
Affected Products
Projectsend