CVE-2026-2861

MEDIUM

Foswiki < 2.1.11 - Exposure of Sensitive Information via Changes/Viewfile/Oops Component

Title source: llm

Description

Foswiki up to 2.1.10 contains an information disclosure vulnerability in an unknown function of the component Changes/Viewfile/Oops. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue; the patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.

References (9)

Core References
Permissions Required, VDB Entry vdb-entry
https://vuldb.com/?id.347101
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.347101
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.753966
Various Sources related
https://foswiki.org/Tasks/Item15600
Various Sources related
https://foswiki.org/Tasks/Item15601

Scores

CVSS v3 5.3
EPSS 0.0046
EPSS Percentile 35.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-200 CWE-284
Status published
Products (13)
foswiki/foswiki < 2.1.11
n/a/Foswiki 2.1.0
n/a/Foswiki 2.1.1
n/a/Foswiki 2.1.10
n/a/Foswiki 2.1.11
n/a/Foswiki 2.1.2
n/a/Foswiki 2.1.3
n/a/Foswiki 2.1.4
n/a/Foswiki 2.1.5
n/a/Foswiki 2.1.6
... and 3 more
Published Feb 21, 2026
Tracked Since Feb 21, 2026