CVE-2026-27819: Vikunja has Path Traversal in CLI Restore
Path Traversal (Zip Slip) and Denial of Service (DoS) vulnerability discovered in the Vikunja CLI’s restore functionality.
References
- github.com/advisories/GHSA-42wg-38gx-85rh
- github.com/go-vikunja/vikunja
- github.com/go-vikunja/vikunja/commit/1b3d8dc59cb5f2b759ab0ad2bc9915b993e3cb73
- github.com/go-vikunja/vikunja/security/advisories/GHSA-42wg-38gx-85rh
- nvd.nist.gov/vuln/detail/CVE-2026-27819
- vikunja.io/changelog/vikunja-v2.0.0-was-released
Code Behaviors & Features
Detect and mitigate CVE-2026-27819 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →