Unrated severityOSV Advisory· Published Jan 10, 2026· Updated Jan 12, 2026
OpenProject is Vulnerable to Insecure Direct Object Reference in Meetings
CVE-2026-22605
Description
OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has been patched in version 16.6.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v16.0.0, v16.0.1, v16.1.0, …+ 1 more
- (no CPE)range: v16.0.0, v16.0.1, v16.1.0, …
- (no CPE)range: <16.6.3
Patches
Vulnerability mechanics
References
2- github.com/opf/openproject/releases/tag/v16.6.3mitrex_refsource_MISC
- github.com/opf/openproject/security/advisories/GHSA-fq4m-pxvm-8x2jmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.