CVE-2026-2861
low-risk
Published 2026-02-21
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.
Do I need to act?
-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Foswiki
Affected Vendors
References (9)
Permissions Required
https://foswiki.org/Tasks/Item15600
Permissions Required
https://foswiki.org/Tasks/Item15601
Permissions Required
https://vuldb.com/?ctiid.347101
Third Party Advisory
https://vuldb.com/?id.347101
Third Party Advisory
https://vuldb.com/?submit.753966
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal