📦 Vikunja

Name: Vikunja
Author: Vikunja

by Vikunja

🔍 What is Vikunja?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2026-27575

CRITICAL CVSS 9.1 Feb 25, 2026

This vulnerability in Vikunja task management software allows attackers to compromise accounts through weak password policies and maintain persistent access even after password resets. All self-hosted...

CVE-2026-27819

HIGH CVSS 7.2 Feb 25, 2026

This vulnerability in Vikunja allows attackers to overwrite arbitrary files on the host system by uploading a malicious ZIP archive during configuration restoration. It can also crash the application ...

CVE-2026-27116

MEDIUM CVSS 6.1 Feb 25, 2026

Vikunja versions before 2.0.0 have a reflected HTML injection vulnerability in the Projects module's filter parameter. This allows attackers to inject malicious HTML elements like SVG phishing buttons...

CVE-2026-25935

MEDIUM CVSS 5.4 Feb 11, 2026

This is a cross-site scripting (XSS) vulnerability in Vikunja todo application where malicious HTML/JavaScript can be injected into task descriptions. When users hover over affected tasks, the injecte...