PT-2026-21359 · Foswiki · Foswiki
Jan Seebens
+1
·
Published
2026-02-21
·
Updated
2026-03-16
·
CVE-2026-2861
CVSS v4.0
5.5
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Foswiki versions prior to 2.1.11
Description
A flaw exists in Foswiki that allows information disclosure. The issue is located within an unknown function of the Changes/Viewfile/Oops component. This can be exploited remotely. The exploit is publicly available.
Recommendations
Upgrade to version 2.1.11 or later.
Fix
Improper Access Control
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Foswiki