{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/account-reactivation/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["vikunja","account-reactivation","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eVikunja, an open-source self-hosted task management platform, is vulnerable to unauthorized account reactivation. Prior to version 2.2.0, the platform\u0026rsquo;s password reset mechanism fails to validate the account status before enabling password reset, allowing disabled users to regain access. Specifically, the \u003ccode\u003eResetPassword()\u003c/code\u003e function sets the user’s status to \u003ccode\u003eStatusActive\u003c/code\u003e after a successful password reset without verifying if the account was deliberately disabled by an administrator. This…\u003c/p\u003e\n","date_modified":"2026-03-24T15:16:35Z","date_published":"2026-03-24T15:16:35Z","id":"/briefs/2024-01-vikunja-account-reactivation/","summary":"A critical vulnerability in Vikunja versions prior to 2.2.0 allows disabled users to bypass administrator controls and reactivate their accounts by exploiting a flaw in the password reset logic.","title":"Vikunja Account Reactivation Vulnerability (CVE-2026-33316)","url":"https://feed.craftedsignal.io/briefs/2024-01-vikunja-account-reactivation/"}],"language":"en","title":"CraftedSignal Threat Feed — Account-Reactivation","version":"https://jsonfeed.org/version/1.1"}