Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
ProjectSend Up to r1945 Lacks Authorization Check
CVE-2026-3977
Summary
A security issue in ProjectSend (up to version r1945) allows attackers to bypass access controls. This means that unauthorized users can access and possibly modify sensitive data. To fix this issue, update to a patched version of ProjectSend or apply the recommended patch.
Original title
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. ...
Original description
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is 35dfd6f08f7d517709c77ee73e57367141107e6b. To fix this issue, it is recommended to deploy a patch.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-862
Missing Authorization
CWE-863
Incorrect Authorization
- https://github.com/projectsend/projectsend/
- https://github.com/projectsend/projectsend/commit/35dfd6f08f7d517709c77ee73e5736...
- https://github.com/projectsend/projectsend/issues/1525
- https://github.com/projectsend/projectsend/issues/1525#issuecomment-3957109914
- https://vuldb.com/?ctiid.350412
- https://vuldb.com/?id.350412
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026