CVE-2026-10285

MEDIUM 5.4

DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-285 CWE-266
Vendor	devaslanphp
Product	project-management
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for devaslanphp project-management

Be the first to know when new medium vulnerabilities affecting devaslanphp project-management are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:X/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

DevaslanPHP / project-management

2.0.0-beta1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367578 vuldb.com: https://vuldb.com/vuln/367578/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10285 vuldb.com: https://vuldb.com/submit/825475 github.com: https://github.com/devaslanphp/project-management/issues/141 github.com: https://github.com/devaslanphp/project-management/

Credits

🔍 Mitchell_45 (VulDB User) VulDB CNA Team