CVE-2026-10284 | DevaslanPHP project-management up to 2.0.0-beta1 Livewire ViewTicket.php editComment/doDeleteComment improper authorization (Issue 140)

A vulnerability was found in DevaslanPHP project-management up to 2.0.0-beta1. It has been declared as critical. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to improper authorization.

This vulnerability is handled as CVE-2026-10284. The attack can be executed remotely. There is not any exploit available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More