CVE-2026-22601

7.2HIGH

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary

Publicado: 1/10/2026Actualizado: 1/14/2026
Ver en NVDVer en MITRE

Descripción

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2.

Análisis IAImpulsado por IA

Productos Afectados

openprojectopenproject

Referencias