CVE-2023-26441

Name of the Vulnerable Software and Affected Versions Cacheservice (affected versions not specified)

Description The issue arises from the Cacheservice not correctly checking if relative cache objects point to the defined absolute location when accessing resources. This allows an attacker with access to the database and a local or restricted network to read arbitrary local file system resources accessible by the service's system user account. The problem has been addressed by improving path validation to ensure access is contained within the defined root directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.