A vulnerability identified as critical has been detected in opf openproject up to 17.2.3/17.3.1. This issue affects some unknown processing of the file /my/two_factor_devices of the component Docker Image Handler. The manipulation leads to deserialization. This vulnerability is documented as CVE-2026-46386. The attack can be initiated remotely. No exploit is available. You should upgrade the affected component.