ByteOS Network

NVD Vulnerability Details :

CVE-2026-28275

Analyzed

Source-security-advisories@github.com

Published At-26 Feb, 2026 | 23:16

Updated At-27 Feb, 2026 | 19:07

Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password. As a result, older tokens remain valid until expiration and can still be used to access protected API endpoints. This behavior allows continued authenticated access even after the account password has been updated. Version 0.32.4 fixes the issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CPE Matches

morelitea>>initiative>>Versions before 0.32.4(exclusive)

cpe:2.3:a:morelitea:initiative:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-613	Primary	security-advisories@github.com

CWE ID: CWE-613

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/Morelitea/initiative/releases/tag/v0.32.4	security-advisories@github.com	Product Release Notes
https://github.com/Morelitea/initiative/security/advisories/GHSA-hww6-3fww-xw3h	security-advisories@github.com	Exploit Mitigation Vendor Advisory

Hyperlink: https://github.com/Morelitea/initiative/releases/tag/v0.32.4

Source: security-advisories@github.com

Resource:

Product

Release Notes

Hyperlink: https://github.com/Morelitea/initiative/security/advisories/GHSA-hww6-3fww-xw3h

Source: security-advisories@github.com

Resource:

Exploit

Mitigation

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History