PT-2026-3078 · Pimcore · Pimcore Web2Print Tools Bundle
Ytlamal · Published 2026-01-15 · Updated 2026-01-15 · CVE-2026-23496
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Pimcore Web2Print Tools Bundle versions prior to 5.2.2
Pimcore Web2Print Tools Bundle versions prior to 6.1.1
Description
The Pimcore Web2Print Tools Bundle does not properly enforce server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." An authenticated backend user lacking the necessary permissions can invoke the endpoint to modify or retrieve these configurations.
Recommendations
Update to Pimcore Web2Print Tools Bundle version 5.2.2 or later.
Update to Pimcore Web2Print Tools Bundle version 6.1.1 or later.
Exploit
Fix
Incorrect Authorization
Improper Access Control
Affected Products
Pimcore Web2Print Tools Bundle