How severe is CVE-2026-22601?

CVE-2026-22601 has a CVSS v3 score of 7.2 (HIGH).

CVE-2026-22601

Name: openproject
Author: openproject

7.2HIGH

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary

Publicado: 1/10/2026Atualizado: 1/14/2026

Descrição

OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2.

Análise IADesenvolvido por IA

Produtos Afetados

openprojectopenproject

Referências

https://github.com/opf/openproject/releases/tag/v16.6.2
Release Notes
https://github.com/opf/openproject/security/advisories/GHSA-9vrv-7h26-c7jc
Vendor Advisory