CVE-2026-53698

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-53698
Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L120-L122
https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L150-L153
https://github.com/Silverpeas/Silverpeas-Core/commit/caa6e6d1ac967ebd29b39e11c2ef5e7fd0047eec
https://tracker.silverpeas.org/issues/15229
Configurations

No configuration.

History

10 Jun 2026, 16:17

Type Values Removed Values Added
New CVE
Information

Published : 2026-06-10 16:17

Updated : 2026-06-10 16:17

NVD link : CVE-2026-53698

Mitre link : CVE-2026-53698

CVE.ORG link : CVE-2026-53698

JSON object : View

Products Affected

No product.

CWE
CWE-36

Absolute Path Traversal