CVE-2026-1836

Summary

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

Affected Software

VendorProductVersion RangeStatus
RedmineRedmine0 < 6.0.7affected
RedmineRedmine0 < 5.1.10affected
RedmineRedmine0 < 5.0.14affected
RedmineRedmine6.0.7unaffected
RedmineRedmine5.1.10unaffected
RedmineRedmine5.0.14unaffected

Weaknesses

  • CWE-257: CWE-257 Storing passwords in a recoverable format

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References