CVE-2026-35597 | go-vikunja up to 2.2.x Login login.go HandleFailedTOTPAuth excessive authentication (GHSA-fgfv-pv97-6cmj)

Inserito da Angelo Barbosa | Apr 10, 2026 | CVE

A vulnerability was found in go-vikunja vikunja up to 2.2.x. It has been rated as problematic. This affects the function HandleFailedTOTPAuth of the file pkg/routes/api/v1/login.go of the component Login. Performing a manipulation results in improper restriction of excessive authentication attempts.

This vulnerability was named CVE-2026-35597. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.

CVE-2026-35597 | go-vikunja up to 2.2.x Login login.go HandleFailedTOTPAuth excessive authentication (GHSA-fgfv-pv97-6cmj)

Post correlati

CVE-2024-11708 | Mozilla Firefox up to 132 Thread information disclosure

CVE-2025-12547 | LogicalDOC Community Edition up to 9.2.1 Admin Login Page /login.jsp excessive authentication

CVE-2024-37508 | Rara Theme Construction Landing Page Plugin up to 1.3.5 on WordPress cross-site request forgery

CVE-2024-28386 | Home-Made.io fastmagsync up to 1.7.51 getPhpBin Privilege Escalation