{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2861", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-20T14:07:22.958Z", "datePublished": "2026-02-21T06:02:07.609Z", "dateUpdated": "2026-02-23T19:29:05.938Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-21T06:02:07.609Z"}, "title": "Foswiki Changes/Viewfile/Oops information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "n/a", "product": "Foswiki", "versions": [{"version": "2.1.0", "status": "affected"}, {"version": "2.1.1", "status": "affected"}, {"version": "2.1.2", "status": "affected"}, {"version": "2.1.3", "status": "affected"}, {"version": "2.1.4", "status": "affected"}, {"version": "2.1.5", "status": "affected"}, {"version": "2.1.6", "status": "affected"}, {"version": "2.1.7", "status": "affected"}, {"version": "2.1.8", "status": "affected"}, {"version": "2.1.9", "status": "affected"}, {"version": "2.1.10", "status": "affected"}, {"version": "2.1.11", "status": "unaffected"}], "modules": ["Changes/Viewfile/Oops"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-20T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-20T15:26:30.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Jan Seebens", "type": "finder"}, {"lang": "en", "value": "Michael Daum", "type": "finder"}, {"lang": "en", "value": "Michael Daum (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347101", "name": "VDB-347101 | Foswiki Changes/Viewfile/Oops information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.347101", "name": "VDB-347101 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753966", "name": "Submit #753966 | Foswiki 2.1.10 and before Information Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://foswiki.org/Tasks/Item15600", "tags": ["related"]}, {"url": "https://foswiki.org/Tasks/Item15601", "tags": ["related"]}, {"url": "https://github.com/foswiki/distro/commit/31aeecb58b64", "tags": ["patch"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T19:27:50.200482Z", "id": "CVE-2026-2861", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:29:05.938Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2861", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T19:27:50.200482Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T19:28:21.208Z"}}], "cna": {"tags": ["x_open-source"], "title": "Foswiki Changes/Viewfile/Oops information disclosure", "credits": [{"lang": "en", "type": "finder", "value": "Jan Seebens"}, {"lang": "en", "type": "finder", "value": "Michael Daum"}, {"lang": "en", "type": "reporter", "value": "Michael Daum (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["Changes/Viewfile/Oops"], "product": "Foswiki", "versions": [{"status": "affected", "version": "2.1.0"}, {"status": "affected", "version": "2.1.1"}, {"status": "affected", "version": "2.1.2"}, {"status": "affected", "version": "2.1.3"}, {"status": "affected", "version": "2.1.4"}, {"status": "affected", "version": "2.1.5"}, {"status": "affected", "version": "2.1.6"}, {"status": "affected", "version": "2.1.7"}, {"status": "affected", "version": "2.1.8"}, {"status": "affected", "version": "2.1.9"}, {"status": "affected", "version": "2.1.10"}, {"status": "unaffected", "version": "2.1.11"}]}], "timeline": [{"lang": "en", "time": "2026-02-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-20T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-20T15:26:30.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347101", "name": "VDB-347101 | Foswiki Changes/Viewfile/Oops information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.347101", "name": "VDB-347101 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.753966", "name": "Submit #753966 | Foswiki 2.1.10 and before Information Disclosure", "tags": ["third-party-advisory"]}, {"url": "https://foswiki.org/Tasks/Item15600", "tags": ["related"]}, {"url": "https://foswiki.org/Tasks/Item15601", "tags": ["related"]}, {"url": "https://github.com/foswiki/distro/commit/31aeecb58b64", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information Disclosure"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-21T06:02:07.609Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2861", "state": "PUBLISHED", "dateUpdated": "2026-02-23T19:29:05.938Z", "dateReserved": "2026-02-20T14:07:22.958Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-21T06:02:07.609Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended."}], "id": "CVE-2026-2861", "lastModified": "2026-02-23T18:13:53.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-21T06:17:01.897", "references": [{"source": "cna@vuldb.com", "url": "https://foswiki.org/Tasks/Item15600"}, {"source": "cna@vuldb.com", "url": "https://foswiki.org/Tasks/Item15601"}, {"source": "cna@vuldb.com", "url": "https://github.com/foswiki/distro/commit/31aeecb58b64"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.347101"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.347101"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.753966"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.1.0,2.1.10]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "2.1.11"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Foswiki", "source": "cna", "vendor": "n/a"}, "product": "foswiki", "vendor": "foswiki"}], "created": "2026-02-23T14:32:32.696232+00:00", "updated": "2026-02-23T14:32:32.696322+00:00", "vendors": ["foswiki", "foswiki$PRODUCT$foswiki"]}