Vulnerabilities3 min read
Vikunja Auth Flaw Lets Attackers Maintain Access After Password Reset
CVE-2026-27575 combines weak password enforcement with persistent sessions in Vikunja, enabling attackers to retain access even after victims change credentials.
Marcus ChenFeb 27, 2026