A vulnerability has been found in go-vikunja vikunja up to 2.1.x and classified as problematic . This affects an unknown function of the component Task ID Handler . This manipulation causes authorization bypass. The identification of this vulnerability is CVE-2026-33313 . It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.