CVE-2026-33678 | go-vikunja up to 2.2.0 Attachments ReadOne authorization (GHSA-jfmm-mjcp-8wq2)

A vulnerability categorized as critical has been discovered in go-vikunja vikunja up to 2.2.0. Impacted is the function ReadOne of the component Attachments Handler. Such manipulation leads to authorization bypass.

This vulnerability is listed as CVE-2026-33678. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More