Description

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned. Attackers can guess a code or modify the received code to look up arbitrary submissions, after logging in (with DigiD/eHerkenning/... depending on form configuration). This vulnerability is fixed in 3.3.13 and 3.4.5.

INFO

Published Date :

2026-03-11T15:52:08.464Z

Last Modified :

2026-03-11T17:30:48.578Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-28803 vulnerability.

Vendors Products
Maykinmedia
  • Open Forms
Open-formulieren
  • Open-forms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28803.

URL Resource
https://github.com/open-formulieren/open-forms/security/advisories/GHSA-2g49-rfm6-5qj5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact