CVE-2026-47193
⚠️ high
Summary
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1.
CVSS Score
7.5
High
EPSS Score
-
Published Date
2026-06-26
First Seen: 2026-06-27
📊 Relative Risk Intelligence
This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.
#102,656
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment
Updated: Jun 26, 2026
🔍 Exploitation Status
PoC
Proof-of-concept available
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by
CISA
Last Modified
2026-06-26
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N