CVE-2026-53698

EPSS 0.33%
Veröffentlicht 10.06.2026 00:00:00
Zuletzt bearbeitet 10.06.2026 20:16:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerSilverpeas

≫

Produkt Silverpeas

Default Statusunknown

Version <= 6.4.6

Version 0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.243

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

https://github.com/Silverpeas/Silverpeas-Core/commit/caa6e6d1ac967ebd29b39e11c2ef5e7fd0047eec

https://tracker.silverpeas.org/issues/15229

https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L120-L122

https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L150-L153

https://nvd.nist.gov/vuln/detail/CVE-2026-53698

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-53698

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-53698

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-53698