Multiple Vulnerabilities Discovered in Redmine

📌 Multiple vulnerabilities were discovered in Redmine on 17 March 2026, allowing attackers to exploit flaws remotely. The identified impacts include cross-site scripting (XSS) via indirect code injection, security policy bypass, and an unspecified security issue as noted by the vendor. No specific CVE IDs, technical details, or affected versions were provided in the notice. The vulnerabilities enable attackers to compromise security controls and execute malicious actions. The advisory was published by CERT-FR under reference CERTFR-2026-AVI-0306.