CVE-2026-10285 | DevaslanPHP project-management up to 2.0.0-beta1 Ticket KanbanScrumHelper.php recordUpdated improper authorization (Issue 141)

A vulnerability was found in DevaslanPHP project-management up to 2.0.0-beta1. It has been rated as critical. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization.

This vulnerability is uniquely identified as CVE-2026-10285. The attack is possible to be carried out remotely. No exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More