CVE-2026-27723
Undergoing Analysis Undergoing Analysis - In Progress
Unauthorized Wiki Page Creation in OpenProject via Improper Authentication

Publication date: 2026-03-05

Last updated on: 2026-03-10

Assigner: GitHub, Inc.

Description
OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-10
Generated
2026-05-07
AI Q&A
2026-03-05
EPSS Evaluated
2026-05-05
NVD
CVE-2026-27723
EUVD
EUVD-2026-9846
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openproject openproject to 17.0.5 (exc)
openproject openproject From 17.1.0 (inc) to 17.1.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-27723 is a moderate severity vulnerability in OpenProject versions prior to 17.0.5 and 17.1.2. It arises from insufficient access control that allows an attacker with low privileges to create wiki pages in projects they are not authorized to access. This can be done remotely without any user interaction.

The vulnerability impacts the integrity of project wiki content by enabling unauthorized modifications, but it does not affect confidentiality or availability.


How can this vulnerability impact me? :

This vulnerability allows an attacker with limited privileges to create unauthorized wiki pages in projects they should not have access to. This can lead to unauthorized modification of project documentation or information, potentially causing confusion, misinformation, or disruption in project management.

Since the vulnerability does not affect confidentiality or availability, the main impact is on data integrity within the affected projects.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate the vulnerability CVE-2026-27723 in OpenProject, you should immediately update your OpenProject installation to version 17.0.5 or later, as the issue has been patched in versions 17.0.5 and 17.1.2.

Applying these updates will fix the improper authentication flaw that allows attackers to create wiki pages in projects they are not permitted to access.

It is recommended to follow the official OpenProject release notes and security advisories to ensure all relevant patches are applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart