Foswiki Changes/Viewfile/Oops information disclosure_CVE-2026-2861

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.

Basic Information

ID CVE-2026-2861

Source VulDB

Published Feb 21, 2026 at 06:02

Affected Product

Vendor n/a

Product Foswiki

Version 2.1.0

Affected Versions n/a Foswiki 2.1.0
n/a Foswiki 2.1.1
n/a Foswiki 2.1.2
n/a Foswiki 2.1.3
n/a Foswiki 2.1.4
n/a Foswiki 2.1.5
n/a Foswiki 2.1.6
n/a Foswiki 2.1.7
n/a Foswiki 2.1.8
n/a Foswiki 2.1.9
n/a Foswiki 2.1.10

CWE Classification

CWE-200 CWE-284

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.",
    "published": "2026-02-21T06:02:07.609Z",
    "modified": "2026-02-21T06:02:07.609Z",
    "type": "cve",
    "title": "Foswiki Changes/Viewfile/Oops information disclosure",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.347101\nhttps://vuldb.com/?ctiid.347101\nhttps://vuldb.com/?submit.753966\nhttps://foswiki.org/Tasks/Item15600\nhttps://foswiki.org/Tasks/Item15601\nhttps://github.com/foswiki/distro/commit/31aeecb58b64",
    "id": "CVE-2026-2861",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a Foswiki 2.1.0\nn/a Foswiki 2.1.1\nn/a Foswiki 2.1.2\nn/a Foswiki 2.1.3\nn/a Foswiki 2.1.4\nn/a Foswiki 2.1.5\nn/a Foswiki 2.1.6\nn/a Foswiki 2.1.7\nn/a Foswiki 2.1.8\nn/a Foswiki 2.1.9\nn/a Foswiki 2.1.10",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Foswiki",
    "version": "2.1.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}