PT-2026-43465 · Xwiki · Xwiki

Published 2026-05-21 · Updated 2026-05-26 · CVE-2026-48047

CVSS v4.0: 5.9 Medium

Vector: AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

XWiki versions prior to 16.10.17
XWiki versions prior to 17.4.9
XWiki versions prior to 17.10.3
XWiki versions prior to 18.0.0RC1

Description

A path traversal issue allows an attacker to write arbitrary files, which could lead to overriding configuration files or changing the superadmin password. This requires the attacker to have admin access to at least one subwiki to install a malicious WebJar extension and to have published that extension in a configured extension repository. Path traversal is a technique used to access files and directories that are stored outside the web root folder.

Recommendations

Update to version 16.10.17. Update to version 17.4.9. Update to version 17.10.3. Update to version 18.0.0RC1. Be cautious when granting script and admin rights to users.

Related Identifiers

CVE-2026-48047
GHSA-VGWR-23FQ-PR7G

Affected Products

Xwiki