{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:31:45.538","vulnerabilities":[{"cve":{"id":"CVE-2026-27575","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T22:16:26.383","lastModified":"2026-03-05T17:21:37.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to set weak passwords (e.g., 1234, password) without enforcing minimum strength requirements. Additionally, active sessions remain valid after a user changes their password. An attacker who compromises an account (via brute-force or credential stuffing) can maintain persistent access even after the victim resets their password. Version 2.0.0 contains a fix."},{"lang":"es","value":"Vikunja es una plataforma de gestión de tareas de código abierto autoalojada. Antes de la versión 2.0.0, la aplicación permite a los usuarios establecer contraseñas débiles (p. ej., 1234, password) sin aplicar requisitos de fortaleza mínima. Además, las sesiones activas permanecen válidas después de que un usuario cambia su contraseña. Un atacante que compromete una cuenta (mediante fuerza bruta o relleno de credenciales) puede mantener acceso persistente incluso después de que la víctima restablece su contraseña. La versión 2.0.0 contiene una corrección."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-521"},{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vikunja:vikunja:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0","matchCriteriaId":"53D82FAD-8E42-40F8-A11D-1FE7EDB4620B"}]}]}],"references":[{"url":"https://github.com/go-vikunja/vikunja/security/advisories/GHSA-3ccg-x393-96v8","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]},{"url":"https://vikunja.io/changelog/vikunja-v2.0.0-was-released","source":"security-advisories@github.com","tags":["Release Notes"]}]}}]}