Stored credentials in Redmine_CVE-2026-1836

5.3 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.

Basic Information

ID CVE-2026-1836

Source INCIBE

Published Jun 12, 2026 at 13:23

Affected Product

Vendor Redmine

Product Redmine

Affected Versions Redmine Redmine 0
Redmine Redmine 0
Redmine Redmine 0

CWE Classification

CWE-257

References

www.incibe.es /en/incibe-cert/notices/aviso/stored-credentials-redmine

{
    "lastseen": "",
    "description": "The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.",
    "published": "2026-06-12T13:23:31.810Z",
    "modified": "2026-06-12T13:23:31.810Z",
    "type": "cve",
    "title": "Stored credentials in Redmine",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine",
    "id": "CVE-2026-1836",
    "bulletinFamily": "",
    "cwe": [
        "CWE-257"
    ],
    "cvelist": null,
    "sourceData": "Redmine Redmine 0\nRedmine Redmine 0\nRedmine Redmine 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Redmine",
    "version": "0",
    "vendor": "Redmine",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}