{"cve":{"cve_id":"CVE-2026-1836","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00105,"epss_percentile":0.01277,"epss_as_of":"2026-06-23","description":"The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials.","published_at":"2026-06-12T13:23:31.810000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":5.3,"cvss_v4_vector":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-257"],"nvd_references":["https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:00.977963Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"P","value_label":"Present"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"A","value_label":"Active"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"redmine","vendor_name":"Redmine","product_slug":"redmine","product_name":"Redmine","version_start":"0","version_start_inclusive":true,"version_end":"6.0.7","version_end_inclusive":false,"cpe23_uri":"cve5:redmine:redmine:0:6.0.7"},{"vendor_slug":"redmine","vendor_name":"Redmine","product_slug":"redmine","product_name":"Redmine","version_start":"0","version_start_inclusive":true,"version_end":"5.1.10","version_end_inclusive":false,"cpe23_uri":"cve5:redmine:redmine:0:5.1.10"},{"vendor_slug":"redmine","vendor_name":"Redmine","product_slug":"redmine","product_name":"Redmine","version_start":"0","version_start_inclusive":true,"version_end":"5.0.14","version_end_inclusive":false,"cpe23_uri":"cve5:redmine:redmine:0:5.0.14"},{"vendor_slug":"redmine","vendor_name":"Redmine","product_slug":"redmine","product_name":"Redmine","version_start":"6.0.7","version_start_inclusive":true,"version_end":"6.0.7","version_end_inclusive":true,"cpe23_uri":"cve5:redmine:redmine:6.0.7:6.0.7"},{"vendor_slug":"redmine","vendor_name":"Redmine","product_slug":"redmine","product_name":"Redmine","version_start":"5.1.10","version_start_inclusive":true,"version_end":"5.1.10","version_end_inclusive":true,"cpe23_uri":"cve5:redmine:redmine:5.1.10:5.1.10"},{"vendor_slug":"redmine","vendor_name":"Redmine","product_slug":"redmine","product_name":"Redmine","version_start":"5.0.14","version_start_inclusive":true,"version_end":"5.0.14","version_end_inclusive":true,"cpe23_uri":"cve5:redmine:redmine:5.0.14:5.0.14"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/stored-credentials-redmine","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-12T13:23:31.810000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:50:49.858932Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:49.858932Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:50:49.858932Z","label":"CVSS score revised","source":"cvelistv5"}]}