CVE-2026-33334 in vikunja情報

要約

〜によって MITRE • 2026年03月24日

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables `nodeIntegration` in the renderer process without `contextIsolation` or `sandbox`. This means any cross-site scripting (XSS) vulnerability in the Vikunja web frontend -- present or future -- automatically escalates to full remote code execution on the victim's machine, as injected scripts gain access to Node.js APIs. Version 2.2.0 fixes the issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub M

予約する

2026年03月18日

公開

2026年03月24日

モデレーション

承諾済み

エントリ

VDB-352816

CPE

準備完了

CWE

CWE-94 (確認済み)

CVSS

9.6 (NVD)

EPSS

0.00179

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33334
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33334
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33334/

◂ 前概要次 ▸

Want to know what is going to be exploited?

We predict KEV entries!