CVE-2026-46386 | opf openproject up to 17.2.3/17.3.1 Docker Image /my/two_factor_devices deserialization (GHSA-r85r-gjq2-f83r)

Inserito da Angelo Barbosa | Giu 26, 2026 | CVE

A vulnerability identified as critical has been detected in opf openproject up to 17.2.3/17.3.1. This issue affects some unknown processing of the file /my/two_factor_devices of the component Docker Image Handler. The manipulation leads to deserialization.

This vulnerability is documented as CVE-2026-46386. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-46386 | opf openproject up to 17.2.3/17.3.1 Docker Image /my/two_factor_devices deserialization (GHSA-r85r-gjq2-f83r)

Post correlati

CVE-2024-3461 | KioWare up to 8.35 on Windows excessive authentication

CVE-2026-42297 | argoproj argo-workflows up to 4.0.4 Sync ConfigMap Provider authorization

CVE-2025-7911 | D-Link DI-8100 1.0 jhttpd /upnp_ctrl.asp sprintf remove_ext_proto/remove_ext_port stack-based overflow

CVE-2024-29829 | Ivanti Endpoint Manager GetLogFileRulesSQL sql injection