{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T20:01:23.933","vulnerabilities":[{"cve":{"id":"CVE-2026-24776","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T18:15:58.497","lastModified":"2026-02-23T18:14:32.807","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting (or is the backlog, in case of recurring meetings). This allowed an attacker to move a meeting agenda item into a different meeting. The attacker did not get access to meetings, but they could add arbitrary agenda items, that could cause confusions. The vulnerability is fixed in 17.0.2."},{"lang":"es","value":"OpenProject es un software de gestión de proyectos de código abierto y basado en la web. Antes de la 17.0.2, el manejador de arrastrar y soltar que movía un elemento de la agenda a una sección diferente no verificaba correctamente si la sección de reunión de destino formaba parte de la misma reunión (o si era el backlog, en el caso de reuniones recurrentes). Esto permitía a un atacante mover un elemento de la agenda de una reunión a una reunión diferente. El atacante no obtenía acceso a las reuniones, pero podía añadir elementos de la agenda arbitrarios, lo que podría causar confusiones. La vulnerabilidad está corregida en la versión 17.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0.2","matchCriteriaId":"3FA4C106-EEE3-4582-BE10-010975AE359B"}]}]}],"references":[{"url":"https://github.com/opf/openproject/releases/tag/v17.0.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/opf/openproject/security/advisories/GHSA-p9v8-w9ph-hqmf","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}