CVE-2026-1836

NameCVE-2026-1836
DescriptionThe system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
redmine (PTS)bookworm, bookworm (security)5.0.4-5+deb12u1vulnerable
trixie6.0.5+ds-1vulnerable
sid6.0.6+ds-6vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
redminesource(unstable)(unfixed)

Notes

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine
Search for package or bug name: Reporting problems