How severe is CVE-2026-22601?

CVE-2026-22601 has a CVSS v3 score of 7.2 (HIGH).

CVE-2026-22601

Name: openproject
Author: openproject

7.2HIGH

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary

게시됨: 1/10/2026업데이트됨: 1/14/2026

설명

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2.

AI 분석AI 기반

영향받는 제품

openprojectopenproject

참조

https://github.com/opf/openproject/releases/tag/v16.6.2
Release Notes
https://github.com/opf/openproject/security/advisories/GHSA-9vrv-7h26-c7jc
Vendor Advisory