CVE-2026-3977

Source
https://cve.org/CVERecord?id=CVE-2026-3977
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3977.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3977
Published
2026-03-12T04:16:39.867Z
Modified
2026-04-10T05:43:08.331662Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
[none]
Details

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.

References

Affected packages

Git / github.com/projectsend/projectsend

Affected ranges

Type
GIT
Repo
https://github.com/projectsend/projectsend
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
Stable
r1053
r1070
r1335
r1415
r1420
r1584
r1605
r1720
r1945
r559
r753
r754
r756

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3977.json"