CVE-2023-26256

HIGH EXPLOITED NUCLEI

STAGIL Navigation for Jira <2.0.52 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2023-26256 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including 0x7eTeam, jcad123, qs119. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains a functional exploit PoC for CVE-2023-26256, which targets an unauthenticated file download vulnerability in the STAGIL Navigation for Jira plugin. The script sends crafted HTTP requests to retrieve sensitive files (e.g., /etc/passwd) via path traversal.

Description

An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

Exploits (6)

nomisec WORKING POC 32 stars
by 0x7eTeam · infoleak
https://github.com/0x7eTeam/CVE-2023-26256

The repository contains a functional exploit PoC for CVE-2023-26256, which targets an unauthenticated file download vulnerability in the STAGIL Navigation for Jira plugin. The script sends crafted HTTP requests to retrieve sensitive files (e.g., /etc/passwd) via path traversal.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: STAGIL Navigation for Jira - Menu & Themes plugin
No auth needed
Prerequisites: Network access to the target Jira instance · STAGIL Navigation plugin installed
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 3 stars
by jcad123 · infoleak
https://github.com/jcad123/CVE-2023-26256

This repository contains a functional exploit PoC for CVE-2023-26256, targeting an unauthenticated file download vulnerability in the STAGIL Navigation for Jira plugin. The script sends crafted HTTP requests to retrieve sensitive files (e.g., /etc/passwd) via path traversal.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: STAGIL Navigation for Jira - Menu & Themes plugin (version 2.0.50 or earlier)
No auth needed
Prerequisites: Target must be running vulnerable STAGIL Navigation for Jira plugin · Network access to the target
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by qs119 · infoleak
https://github.com/qs119/CVE-2023-26256

The repository contains a functional exploit PoC for CVE-2023-26256, which targets a path traversal vulnerability in the STAGIL Navigation for Jira plugin. The script attempts to read arbitrary files (e.g., /etc/passwd) via unauthenticated HTTP requests to vulnerable endpoints.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: STAGIL Navigation for Jira - Menu & Themes plugin
No auth needed
Prerequisites: Network access to the target Jira instance · Vulnerable version of the STAGIL Navigation plugin
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by xhs-d · infoleak
https://github.com/xhs-d/CVE-2023-26256

The repository contains a functional exploit PoC for CVE-2023-26256, targeting a path traversal vulnerability in the STAGIL Navigation for Jira plugin. The script attempts to read arbitrary files (e.g., /etc/passwd) via crafted URLs, confirming vulnerability if the file content is returned.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: STAGIL Navigation for Jira - Menu & Themes plugin
No auth needed
Prerequisites: Target must be running vulnerable STAGIL Navigation for Jira plugin
devstral-2 · analyzed Feb 18, 2026

vulncheck_xdb WRITEUP
infoleak
https://github.com/1nters3ct/CVEs

The repository contains detailed technical writeups for CVE-2023-26255 and CVE-2023-26256, both directory traversal vulnerabilities in the 'Stagil navigation for Jira' plugin. The writeups include proof-of-concept HTTP requests, affected parameters, and mitigation steps.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Stagil navigation for Jira plugin versions prior to 2.0.52
No auth needed
Prerequisites: Stagil navigation for Jira plugin installed · knowledge of target file paths
devstral-2 · analyzed Feb 25, 2026

inthewild WORKING POC
poc
https://github.com/aodsec/cve-2023-26256

The repository contains a functional exploit PoC for CVE-2023-26256, which targets a path traversal vulnerability in the STAGIL Navigation for Jira plugin. The script attempts to read arbitrary files (e.g., /etc/passwd) via crafted HTTP requests to vulnerable endpoints.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: STAGIL Navigation for Jira - Menu & Themes plugin
No auth needed
Prerequisites: Network access to the target Jira instance · Vulnerable plugin installed
devstral-2 · analyzed Feb 23, 2026

Nuclei Templates (1)

STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion
HIGH · by pikpikcu
Shodan: title:Jira || http.title:jira
FOFA: title=jira

Scores

CVSS v3 7.5
EPSS 0.9177
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2023-07-18
CWE CWE-22
Status published
Products (1)
stagil/stagil_navigation < 2.0.52
Published Feb 28, 2023
Tracked Since Feb 18, 2026