CVE-2026-44731
🔶 mediumSummary
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user accounts by probing user IDs and observing differences in the server response. This vulnerability is fixed in 17.3.2 and 17.4.0.
CVSS Score
4.3
Medium
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-26
First Seen: 2026-06-27
📊 Relative Risk Intelligence
This CVE is Lower Risk - more severe than 5.4% of all 330,245 vulnerabilities in our database.
#312,409
Below average severity
Severity Percentile
Last Modified
2026-06-26
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)