OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.4.1.
History

Sat, 27 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Opf
Opf openproject
Vendors & Products Opf
Opf openproject

Fri, 26 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.4.1.
Title OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-26T19:09:21.329Z

Updated: 2026-06-27T02:55:37.024Z

Reserved: 2026-06-08T17:13:43.065Z

Link: CVE-2026-52780

cve-icon Vulnrichment

Updated: 2026-06-27T02:55:32.308Z

cve-icon NVD

No data.

cve-icon Redhat

No data.