A vulnerability was found in DevaslanPHP project-management up to 2.0.0-beta1 . It has been rated as critical . Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler . The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-10285 . The attack is possible to be carried out remotely. No exploit exists. The project was informed of the problem early through