CVE-2023-41266

Tags: HIGH · KEV · RANSOMWARE · NUCLEI

Qlik Sense Enterprise for Windows <= May 2023 Patch 3 - Unauthenticated Path Traversal

Title source: llm

Exploitation Summary

CVE-2023-41266 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 7, 2023, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a Nuclei template designed to detect the ZeroQlik vulnerability (CVE-2023-41265 and CVE-2023-41266) in Qlik Sense Enterprise for Windows. The template sends a crafted GET request to a specific endpoint and checks for a 400 status code along with specific response patterns to confirm the vulnerability.

Description

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.

Exploits (1)

Source: vulncheck_xdb · Type: SCANNER · Access: remote
https://github.com/praetorian-inc/zeroqlik-detect

Classification: Scanner (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Qlik Sense Enterprise for Windows
Auth required: yes
Prerequisites: Access to the target Qlik Sense instance · Valid session cookie and XRF key
Analyzed by: devstral-2 · Feb 25, 2026

Nuclei Templates (1)

Qlik Sense Enterprise - Path Traversal
Severity: MEDIUM · VERIFIED · by AdamCrosser
Shodan: http.favicon.hash:-74348711 || http.html:"qlik" || http.title:"qlik-sense"
FOFA: app="qlik-sense" || title="qlik-sense" || icon_hash=-74348711 || body="qlik"

Scores

CVSS v3 8.2
EPSS 0.9422
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2023-12-07
VulnCheck KEV 2023-11-28
InTheWild.io 2023-11-28
ENISA EUVD EUVD-2023-45783
Ransomware Use Confirmed
CWE
CWE-22
Status published
Products (4)
qlik/qlik_sense august_2022 (13 CPE variants)
qlik/qlik_sense february_2023 (8 CPE variants)
qlik/qlik_sense may_2023 (4 CPE variants)
qlik/qlik_sense november_2022 (11 CPE variants)
Published Aug 29, 2023
KEV Added Dec 07, 2023
Tracked Since Feb 18, 2026