Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-29794

Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by spoofing the `X-Forwarded-For` or `X-Real-IP` headers due to the rate-limit relying on the value of `(echo.Context).RealIP`. Unauthenticated users can abuse endpoints available to them for different potential impacts. The immediate concern would be brute-forcing usernames or specific accounts' passwords. This bypass allows unlimited requests against unauthenticated endpoints. Version 2.2.0 patches the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.2%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-29794
  • Vikunja » Vikunja » Version: 0.10
    cpe:2.3:a:vikunja:vikunja:0.10
  • Vikunja » Vikunja » Version: 0.11
    cpe:2.3:a:vikunja:vikunja:0.11
  • Vikunja » Vikunja » Version: 0.12
    cpe:2.3:a:vikunja:vikunja:0.12
  • Vikunja » Vikunja » Version: 0.13
    cpe:2.3:a:vikunja:vikunja:0.13
  • Vikunja » Vikunja » Version: 0.13.1
    cpe:2.3:a:vikunja:vikunja:0.13.1
  • Vikunja » Vikunja » Version: 0.14.0
    cpe:2.3:a:vikunja:vikunja:0.14.0
  • Vikunja » Vikunja » Version: 0.14.1
    cpe:2.3:a:vikunja:vikunja:0.14.1
  • Vikunja » Vikunja » Version: 0.15.0
    cpe:2.3:a:vikunja:vikunja:0.15.0
  • Vikunja » Vikunja » Version: 0.15.1
    cpe:2.3:a:vikunja:vikunja:0.15.1
  • Vikunja » Vikunja » Version: 0.16.0
    cpe:2.3:a:vikunja:vikunja:0.16.0
  • Vikunja » Vikunja » Version: 0.16.1
    cpe:2.3:a:vikunja:vikunja:0.16.1
  • Vikunja » Vikunja » Version: 0.17.0
    cpe:2.3:a:vikunja:vikunja:0.17.0
  • Vikunja » Vikunja » Version: 0.17.1
    cpe:2.3:a:vikunja:vikunja:0.17.1
  • Vikunja » Vikunja » Version: 0.18.0
    cpe:2.3:a:vikunja:vikunja:0.18.0
  • Vikunja » Vikunja » Version: 0.18.1
    cpe:2.3:a:vikunja:vikunja:0.18.1
  • Vikunja » Vikunja » Version: 0.19.0
    cpe:2.3:a:vikunja:vikunja:0.19.0
  • Vikunja » Vikunja » Version: 0.19.1
    cpe:2.3:a:vikunja:vikunja:0.19.1
  • Vikunja » Vikunja » Version: 0.19.2
    cpe:2.3:a:vikunja:vikunja:0.19.2
  • Vikunja » Vikunja » Version: 0.20.0
    cpe:2.3:a:vikunja:vikunja:0.20.0
  • Vikunja » Vikunja » Version: 0.20.1
    cpe:2.3:a:vikunja:vikunja:0.20.1
  • Vikunja » Vikunja » Version: 0.20.2
    cpe:2.3:a:vikunja:vikunja:0.20.2
  • Vikunja » Vikunja » Version: 0.20.3
    cpe:2.3:a:vikunja:vikunja:0.20.3
  • Vikunja » Vikunja » Version: 0.20.4
    cpe:2.3:a:vikunja:vikunja:0.20.4
  • Vikunja » Vikunja » Version: 0.20.5
    cpe:2.3:a:vikunja:vikunja:0.20.5
  • Vikunja » Vikunja » Version: 0.21.0
    cpe:2.3:a:vikunja:vikunja:0.21.0
  • Vikunja » Vikunja » Version: 0.22.0
    cpe:2.3:a:vikunja:vikunja:0.22.0
  • Vikunja » Vikunja » Version: 0.22.1
    cpe:2.3:a:vikunja:vikunja:0.22.1
  • Vikunja » Vikunja » Version: 0.23.0
    cpe:2.3:a:vikunja:vikunja:0.23.0
  • Vikunja » Vikunja » Version: 0.24.0
    cpe:2.3:a:vikunja:vikunja:0.24.0
  • Vikunja » Vikunja » Version: 0.24.1
    cpe:2.3:a:vikunja:vikunja:0.24.1
  • Vikunja » Vikunja » Version: 0.24.2
    cpe:2.3:a:vikunja:vikunja:0.24.2
  • Vikunja » Vikunja » Version: 0.24.3
    cpe:2.3:a:vikunja:vikunja:0.24.3
  • Vikunja » Vikunja » Version: 0.24.4
    cpe:2.3:a:vikunja:vikunja:0.24.4
  • Vikunja » Vikunja » Version: 0.24.5
    cpe:2.3:a:vikunja:vikunja:0.24.5
  • Vikunja » Vikunja » Version: 0.24.6
    cpe:2.3:a:vikunja:vikunja:0.24.6
  • Vikunja » Vikunja » Version: 0.8
    cpe:2.3:a:vikunja:vikunja:0.8
  • Vikunja » Vikunja » Version: 0.9
    cpe:2.3:a:vikunja:vikunja:0.9
  • Vikunja » Vikunja » Version: 1.0.0
    cpe:2.3:a:vikunja:vikunja:1.0.0
  • Vikunja » Vikunja » Version: 1.1.0
    cpe:2.3:a:vikunja:vikunja:1.1.0
  • Vikunja » Vikunja » Version: 2.0.0
    cpe:2.3:a:vikunja:vikunja:2.0.0
  • Vikunja » Vikunja » Version: 2.1.0
    cpe:2.3:a:vikunja:vikunja:2.1.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved