What is CVE-2026-47193?

CVE-2026-47193 is a high-severity vulnerability in Opf Openproject, classified under Information Disclosure. CVSS score: 7.5/10. Published 2026-06-26.

How severe is CVE-2026-47193?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Opf Openproject

CVE-2026-47193

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in…

Vulnerability class: Information Disclosure

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Opf Openproject — versions < 17.3.3, >= 17.4.0, < 17.4.1

Weakness classification (CWE)

CWE-200 — Information Disclosure
CWE-862 — Missing Authorization

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-47193?: CVE-2026-47193 is a high-severity vulnerability in Opf Openproject, classified under Information Disclosure. CVSS score: 7.5/10. Published 2026-06-26.
How severe is CVE-2026-47193?: High severity. CVSS v3 base score is 7.5 out of 10.