CVE-2026-3977

MEDIUM EPSS 19.3%
Published Mar 12, 20263mo ago · Modified Apr 22, 20262mo ago
5.3 CVSS 4.0
Medium
Find Similar
Published Mar 12, 2026 3mo ago
Last Modified Apr 22, 2026 2mo ago

Description

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.

CVSS Details

Base Score
5.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
19.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-862 Missing Authorization Authorization
CWE-863 Incorrect Authorization Authorization

References 6

  • github.com https://github.com/projectsend/projectsend/
  • github.com https://github.com/projectsend/projectsend/commit/35dfd6f08f7d517709c77ee73e57367141107e6b
  • github.com https://github.com/projectsend/projectsend/issues/1525
  • github.com https://github.com/projectsend/projectsend/issues/1525#issuecomment-3957109914
  • vuldb.com https://vuldb.com/?ctiid.350412
  • vuldb.com https://vuldb.com/?id.350412

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.