CVE-2026-26985

{"id": "CVE-2026-26985", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-02-25T22:16:24.360", "references": [{"url": "https://github.com/aces/Loris/releases/tag/v26.0.5", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aces/Loris/releases/tag/v27.0.2", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aces/Loris/security/advisories/GHSA-g3pp-rqvq-xxhp", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Starting in version 24.0.0 and prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with the appropriate authorization can read configuration files on the server by exploiting a path traversal vulnerability. Some of these files contain hard-coded credentials. The vulnerability allows an attacker to read configuration files containing hard-coded credentials. The attacker could then authenticate to the database or other services if those credentials are reused. The attacker must be authenticated and have the required permissions. However, the vulnerability is easy to exploit and the application source code is public. This problem is fixed in LORIS v26.0.5 and v27.0.2 and above, and v28.0.0 and above. As a workaround, the electrophysiogy_browser in LORIS can be disabled by an administrator using the module manager."}, {"lang": "es", "value": "LORIS (Sistema Longitudinal de Investigaci\u00f3n y Obtenci\u00f3n de Im\u00e1genes en L\u00ednea) es una aplicaci\u00f3n web autoalojada que proporciona gesti\u00f3n de datos y proyectos para la investigaci\u00f3n en neuroimagen. A partir de la versi\u00f3n 24.0.0 y antes de las versiones 26.0.5, 27.0.2 y 28.0.0, un usuario autenticado con la autorizaci\u00f3n apropiada puede leer archivos de configuraci\u00f3n en el servidor explotando una vulnerabilidad de salto de ruta. Algunos de estos archivos contienen credenciales codificadas. La vulnerabilidad permite a un atacante leer archivos de configuraci\u00f3n que contienen credenciales codificadas. El atacante podr\u00eda entonces autenticarse en la base de datos u otros servicios si esas credenciales se reutilizan. El atacante debe estar autenticado y tener los permisos requeridos. Sin embargo, la vulnerabilidad es f\u00e1cil de explotar y el c\u00f3digo fuente de la aplicaci\u00f3n es p\u00fablico. Este problema est\u00e1 solucionado en LORIS v26.0.5 y v27.0.2 y superiores, y v28.0.0 y superiores. Como soluci\u00f3n alternativa, el electrophysiogy_browser en LORIS puede ser deshabilitado por un administrador usando el gestor de m\u00f3dulos."}], "lastModified": "2026-03-05T17:40:35.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcgill:loris:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97AF29D7-60B4-4DEA-9B6F-1C0D48CA5577", "versionEndExcluding": "26.0.5", "versionStartIncluding": "24.0.0"}, {"criteria": "cpe:2.3:a:mcgill:loris:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1883C04-6846-427A-BFFE-4C3AF35CCC19", "versionEndExcluding": "27.0.2", "versionStartIncluding": "27.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}