CVE-2026-27723
Undergoing Analysis Undergoing Analysis - In Progress
Unauthorized Wiki Page Creation in OpenProject via Improper Authentication

Publication date: 2026-03-05

Last updated on: 2026-03-10

Assigner: GitHub, Inc.

Description
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-10
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27723
EUVD
EUVD-2026-9846
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openproject openproject to 17.0.5 (exc)
openproject openproject From 17.1.0 (inc) to 17.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27723 is a moderate severity vulnerability in OpenProject versions prior to 17.0.5 and 17.1.2. It arises from insufficient access control that allows an attacker with low privileges to create wiki pages in projects they are not authorized to access. This can be done remotely without any user interaction.

The vulnerability impacts the integrity of project wiki content by enabling unauthorized modifications, but it does not affect confidentiality or availability.

Impact Analysis

This vulnerability allows an attacker with limited privileges to create unauthorized wiki pages in projects they should not have access to. This can lead to unauthorized modification of project documentation or information, potentially causing confusion, misinformation, or disruption in project management.

Since the vulnerability does not affect confidentiality or availability, the main impact is on data integrity within the affected projects.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability CVE-2026-27723 in OpenProject, you should immediately update your OpenProject installation to version 17.0.5 or later, as the issue has been patched in versions 17.0.5 and 17.1.2.

Applying these updates will fix the improper authentication flaw that allows attackers to create wiki pages in projects they are not permitted to access.

It is recommended to follow the official OpenProject release notes and security advisories to ensure all relevant patches are applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27723. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart