No vendor fix or workaround currently provided.
Thu, 02 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary project identifier to these endpoints, which bypass permission checks and apply the AllowAny default, to pre-empt project administrators from initializing due dates by creating records before they can do so themselves. | |
| Title | Taiga < 6.10.2 - Unauthorized Due-Date Creation via API Viewsets | |
| First Time appeared | Taiga, Taiga taiga | |
| Weaknesses | CWE-862 | |
| CPEs | cpe:2.3:a:taiga:taiga:*:*:*:*:*:*:*:* | |
| Vendors & Products | Taiga, Taiga taiga | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-02T19:42:04.588Z
Reserved: 2026-07-02T15:38:18.929Z
Link: CVE-2026-59097