CVE Catalog

CVE-2026-52780

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE).

Risk Assessment

An attacker can exploit the vulnerability to execute arbitrary code remotely on the server, potentially leading to full system compromise and data breach.

Recommendation

Immediately update OpenProject to version 17.3.3 or 17.4.1, which fix this vulnerability.

Original NVD description (English source)

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.4.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS