Improper Filtering in Qinglong Task Management Platform
CVE-2026-55445
9.3CRITICAL
What is CVE-2026-55445?
Qinglong, a task management platform, has a vulnerability in its middleware that fails to properly restrict access to the /open/user/init endpoint before version 2.20.1. This flaw allows an unauthenticated attacker to send a PUT request to this endpoint, which can reset administrator credentials on an initialized instance. The issue arises because the system does not adequately guard against unauthorized access after JWT authentication has occurred on other paths. This vulnerability has been addressed in version 2.20.1, which is recommended for users to mitigate potential risks.
Affected Version(s)
qinglong < 2.20.1
