CVE-2026-41917 | OpenKM Community Edition/Professional Edition up to 6.3.12 Administrative Scripting Interface /admin/Scripting fsPath path traversal (Exploit 52520)

Inserito da Angelo Barbosa | Mag 26, 2026 | CVE

A vulnerability categorized as critical has been discovered in OpenKM Community Edition and Professional Edition up to 6.3.12. This impacts an unknown function of the file /admin/Scripting of the component Administrative Scripting Interface. Such manipulation of the argument fsPath leads to path traversal.

This vulnerability is referenced as CVE-2026-41917. It is possible to launch the attack remotely. Furthermore, an exploit is available.

CVE-2026-41917 | OpenKM Community Edition/Professional Edition up to 6.3.12 Administrative Scripting Interface /admin/Scripting fsPath path traversal (Exploit 52520)

Post correlati

CVE-2026-1691 | bolo-solo up to 2.6.4 SnakeYAML BackupService.java importMarkdownsSync deserialization (Issue 325)

CVE-2025-15496 | guchengwuyue yshopmall up to 1.9.1 /api/jobs getPage sort sql injection

CVE-2024-3850 | Uniview NVR301-04S2-P4 prior NVR-B3801.20.17.240507 cross site scripting (icsa-24-156-01)

CVE-2024-12835 | Delta Electronics DRASimuCAD ICS File Parser out-of-bounds write (ZDI-24-1723)