CVE-2026-2861

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-2861

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2861.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-2861

Published

2026-02-21T06:17:01.897Z

Modified

2026-04-10T05:42:25.011258Z

Severity

5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.

References

Affected packages

Git / github.com/foswiki/distro

Affected ranges

Type: GIT
Repo: https://github.com/foswiki/distro
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

31aeecb58b64

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2861.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.1.11"
            }
        ]
    }
]