PT-2026-54913 · Horde Imp · Horde Imp

Evan

+1

·

Published

2026-07-01

·

Updated

2026-07-02

·

CVE-2026-58451

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Horde IMP versions prior to 7.0.1
Description A path traversal issue exists in the lib/Compose.php file. Authenticated attackers can read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. This occurs because the stripos() prefix validation can be bypassed by appending traversal segments, leading the file get contents() function to read sensitive files. The contents of these files are then exfiltrated as MIME parts in outgoing emails. Additionally, unauthenticated exploitation is possible through Cross-Site Request Forgery (CSRF), which is a technique used to trick a victim's browser into performing an unwanted action on a different website where the victim is currently authenticated.
Recommendations Update Horde IMP to version 7.0.1 or later.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58451

Affected Products

Horde Imp