PT-2026-3074 · Pimcore · Pimcore

Putzflorian · Published 2026-01-15 · Updated 2026-01-20 · CVE-2026-23493

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Pimcore versions prior to 12.3.1
Pimcore versions prior to 11.5.14

Description

Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the HTTP error log file stores the $_COOKIE and $_SERVER variables. This can lead to the exposure of sensitive information, including database passwords and cookie session data, accessible through the Pimcore backend.

Recommendations

Versions prior to 12.3.1 should be updated to version 12.3.1 or later. Versions prior to 11.5.14 should be updated to version 11.5.14 or later.

Exploit

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2026-23493
GHSA-Q433-J342-RP9H

Affected Products

Pimcore