CVE Catalog
CVE-2026-52780
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk0.23%
14th percentile — higher than 14% of all known CVEs
Summary
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE).
Risk Assessment
An attacker can exploit the vulnerability to execute arbitrary code remotely on the server, potentially leading to full system compromise and data breach.
Recommendation
Immediately update OpenProject to version 17.3.3 or 17.4.1, which fix this vulnerability.
Original NVD description (English source)
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17.4.1.

