CVE-2026-33334 in vikunjaИнформация

Сводка

по MITRE • 24.03.2026

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables `nodeIntegration` in the renderer process without `contextIsolation` or `sandbox`. This means any cross-site scripting (XSS) vulnerability in the Vikunja web frontend -- present or future -- automatically escalates to full remote code execution on the victim's machine, as injected scripts gain access to Node.js APIs. Version 2.2.0 fixes the issue.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

18.03.2026

Раскрытие

24.03.2026

Модерация

принято

Вход

VDB-352816

CPE

готов

CWE

CWE-94 (Подтверждённый)

CVSS

9.6 (NVD)

EPSS

0.00179

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33334
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33334
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33334/

◂ Предыдущий Обзор Далее ▸

Want to know what is going to be exploited?

We predict KEV entries!