CVE-2026-35596 | go-vikunja up to 2.2.x hasAccessToLabel Label titles/descriptions/colors/creator authorization (GHSA-hj5c-mhh2-g7jq)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability was found in go-vikunja vikunja up to 2.2.x. It has been declared as problematic. Affected by this issue is the function hasAccessToLabel. Such manipulation of the argument Label titles/descriptions/colors/creator leads to incorrect authorization.

This vulnerability is uniquely identified as CVE-2026-35596. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-35596 | go-vikunja up to 2.2.x hasAccessToLabel Label titles/descriptions/colors/creator authorization (GHSA-hj5c-mhh2-g7jq)

Post correlati

CVE-2024-1666 | lunary-ai lunary up to 1.2.6 Web UI access control

CVE-2023-6921 | Google Integrator Addon prior 2.1.4 on PrestaShow Cookie sql injection

CVE-2024-27623 | CMS Made Simple 2.2.19 Template injection

CVE-2025-13674 | Wireshark 4.6.0 BPv7 Dissector uninitialized pointer (ID 20770 / EUVD-2025-199716)