Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.3
ProjectSend r1945: Unauthorized Access via Remote Exploit
CVE-2026-3977
Summary
A security weakness in ProjectSend's AJAX Endpoints allows unauthorized access to sensitive data. This can be exploited by attackers from a remote location. To protect your system, apply the recommended patch as soon as possible.
Original title
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. ...
Original description
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.
osv CVSS3.1
6.3
- https://vuldb.com/?ctiid.350412 URL
- https://vuldb.com/?id.350412 URL
- https://github.com/projectsend/projectsend/ URL
- https://github.com/projectsend/projectsend/issues/1525 Third Party Advisory
- https://github.com/projectsend/projectsend/issues/1525#issuecomment-3957109914 Third Party Advisory
- https://github.com/projectsend/projectsend/commit/35dfd6f08f7d517709c77ee73e5736... Patch
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026