CVE-2026-2861

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://foswiki.org/Tasks/Item15600	Permissions Required
https://foswiki.org/Tasks/Item15601	Permissions Required
https://github.com/foswiki/distro/commit/31aeecb58b64	Patch
https://vuldb.com/?ctiid.347101	Permissions Required VDB Entry
https://vuldb.com/?id.347101	Third Party Advisory VDB Entry
https://vuldb.com/?submit.753966	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:foswiki:foswiki:*:*:*:*:*:*:*:*

History

26 Feb 2026, 03:07

Type	Values Removed	Values Added
Summary		(es) Se detectó una vulnerabilidad en Foswiki hasta 2.1.10 que afecta a una función desconocida del componente Changes/Viewfile/Oops. Si se manipula se puede lograr una revelación de información. Es posible lanzar el ataque en remoto. El exploit es ahora público y puede ser utilizado. Con actualizar a la versión 2.1.11 es suficiente para solucionar este problema. El parche se identifica como 31aeecb58b64/d8ed86b10e46. Se recomienda actualizar el componente afectado.
References	~~() https://foswiki.org/Tasks/Item15600 -~~	() https://foswiki.org/Tasks/Item15600 - Permissions Required
References	~~() https://foswiki.org/Tasks/Item15601 -~~	() https://foswiki.org/Tasks/Item15601 - Permissions Required
References	~~() https://github.com/foswiki/distro/commit/31aeecb58b64 -~~	() https://github.com/foswiki/distro/commit/31aeecb58b64 - Patch
References	~~() https://vuldb.com/?ctiid.347101 -~~	() https://vuldb.com/?ctiid.347101 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.347101 -~~	() https://vuldb.com/?id.347101 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.753966 -~~	() https://vuldb.com/?submit.753966 - Third Party Advisory, VDB Entry
First Time		Foswiki foswiki Foswiki
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:foswiki:foswiki::::::::

21 Feb 2026, 06:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-21 06:17

Updated : 2026-02-26 03:07

NVD link : CVE-2026-2861

Mitre link : CVE-2026-2861

CVE.ORG link : CVE-2026-2861

JSON object : View

Products Affected

foswiki

foswiki

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-284

Improper Access Control

NVD-CWE-noinfo

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2026-2861

5.3^/10

5.0^/10

Attach tags to `CVE-2026-2861`