Improper Filtering in Qinglong Task Management Platform
CVE-2026-55445

9.3CRITICAL

Key Information:

Vendor

Whyour

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-55445?

Qinglong, a task management platform, has a vulnerability in its middleware that fails to properly restrict access to the /open/user/init endpoint before version 2.20.1. This flaw allows an unauthenticated attacker to send a PUT request to this endpoint, which can reset administrator credentials on an initialized instance. The issue arises because the system does not adequately guard against unauthorized access after JWT authentication has occurred on other paths. This vulnerability has been addressed in version 2.20.1, which is recommended for users to mitigate potential risks.

Affected Version(s)

qinglong < 2.20.1

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.