Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ezpc-nx8b-s3h8
SummaryVikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any label that has at least one task association, regardless of project access. Label titles, descriptions, colors, and creator information are exposed. This vulnerability is fixed in 2.3.0.
Aliases
0
alias CVE-2026-35596
1
alias GHSA-hj5c-mhh2-g7jq
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-35596
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10285
published_at 2026-06-11T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10317
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.1034
published_at 2026-06-13T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10336
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-35596
1
reference_url https://github.com/go-vikunja/vikunja
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-vikunja/vikunja
2
reference_url https://github.com/go-vikunja/vikunja/pull/2578
reference_id 2578
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:51:36Z/
url https://github.com/go-vikunja/vikunja/pull/2578
3
reference_url https://github.com/go-vikunja/vikunja/commit/fc216c38afaa51dd56dde7a97343d2148ecf24c1
reference_id fc216c38afaa51dd56dde7a97343d2148ecf24c1
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:51:36Z/
url https://github.com/go-vikunja/vikunja/commit/fc216c38afaa51dd56dde7a97343d2148ecf24c1
4
reference_url https://github.com/go-vikunja/vikunja/security/advisories/GHSA-hj5c-mhh2-g7jq
reference_id GHSA-hj5c-mhh2-g7jq
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:51:36Z/
url https://github.com/go-vikunja/vikunja/security/advisories/GHSA-hj5c-mhh2-g7jq
5
reference_url https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0
reference_id v2.3.0
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:51:36Z/
url https://github.com/go-vikunja/vikunja/releases/tag/v2.3.0
Weaknesses
0
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ezpc-nx8b-s3h8