CVE-2023-26255

HIGH EXPLOITED NUCLEI

STAGIL Navigation for Jira <2.0.52 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-26255 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including Nian-Stars, tucommenceapousser. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional Python script that exploits CVE-2023-26255/6, an arbitrary file read vulnerability in Jira's STAGIL Navigation plugin. The script sends crafted HTTP requests to read sensitive files (e.g., /etc/passwd) via path traversal in the 'fileName' parameter.

Description

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system.

Exploits (3)

nomisec WORKING POC
by Nian-Stars · infoleak
https://github.com/Nian-Stars/CVE-2023-26255-6

The repository contains a functional Python script that exploits CVE-2023-26255/6, an arbitrary file read vulnerability in Jira's STAGIL Navigation plugin. The script sends crafted HTTP requests to read sensitive files (e.g., /etc/passwd) via path traversal in the 'fileName' parameter.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Jira with STAGIL Navigation plugin
No auth needed
Prerequisites: Target must have the vulnerable STAGIL Navigation plugin installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SUSPICIOUS
by tucommenceapousser · poc
https://github.com/tucommenceapousser/CVE-2023-26255-Exp

The repository contains no actual exploit code for CVE-2023-26255, only Python library files (certifi, charset_normalizer, cowsay, questionary) unrelated to the vulnerability. No technical details or PoC are provided.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
vulncheck_xdb WORKING POC
infoleak
https://github.com/jcad123/CVE-2023-26256

The repository contains a functional exploit PoC for CVE-2023-26255 and CVE-2023-26256, targeting the STAGIL Navigation for Jira plugin. The exploit leverages path traversal vulnerabilities to read arbitrary files (e.g., /etc/passwd) without authentication.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: STAGIL Navigation for Jira - Menu & Themes plugin (version 2.0.50 or earlier)
No auth needed
Prerequisites: Target must be running a vulnerable version of the STAGIL Navigation for Jira plugin
devstral-2 · analyzed Feb 25, 2026 Full analysis →

Nuclei Templates (1)

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
HIGHby DhiyaneshDK
Shodan: title:Jira || http.title:jira
FOFA: title=jira

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.4791
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2023-07-18
CWE
CWE-22
Status published
Products (1)
stagil/stagil_navigation < 2.0.52
Published Feb 28, 2023
Tracked Since Feb 18, 2026