CVE-2026-33675 | go-vikunja up to 2.2.0 File Attachment helpers.go server-side request forgery (GHSA-g66v-54v9-52pr)

A vulnerability was found in go-vikunja vikunja up to 2.2.0. It has been classified as critical. This affects an unknown part of the file pkg/modules/migration/helpers.go of the component File Attachment Handler. The manipulation leads to server-side request forgery.

This vulnerability is referenced as CVE-2026-33675. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More