CVE-2026-28276 — Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /u — CVE Database · The Intelligence Room