https://feed.craftedsignal.io/tags/vikunja/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 24 Mar 2026 15:16:35 +0000https://feed.craftedsignal.io/briefs/2024-01-vikunja-account-reactivation/Tue, 24 Mar 2026 15:16:35 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-vikunja-account-reactivation/A critical vulnerability in Vikunja versions prior to 2.2.0 allows disabled users to bypass administrator controls and reactivate their accounts by exploiting a flaw in the password reset logic.Vikunja, an open-source self-hosted task management platform, is vulnerable to unauthorized account reactivation. Prior to version 2.2.0, the platform’s password reset mechanism fails to validate the account status before enabling password reset, allowing disabled users to regain access. Specifically, the ResetPassword() function sets the user’s status to StatusActive after a successful password reset without verifying if the account was deliberately disabled by an administrator. This…

]]>criticaladvisoryvikunjaaccount-reactivationvulnerability