A vulnerability, which was classified as problematic , has been found in opf openproject up to 17.3.x . The impacted element is an unknown function of the component Configuration Handler . Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-44696 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.