CVE-2023-26262

moderate-risk

Published 2023-03-14

An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.

Do I need to act?

17.5% chance of exploitation in next 30 days

EPSS score — higher than 82% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (2)

Experience Manager

Experience Platform

Affected Vendors

Sitecore

References (4)

Exploit https://github.com/istern/CVE-2023-26262

Vendor Advisory https://www.sitecore.com/trust

Exploit https://github.com/istern/CVE-2023-26262

Vendor Advisory https://www.sitecore.com/trust

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 13/34 · Low

Exposure 7/34 · Low