CVE-2026-2861

MEDIUM

Foswiki <=2.1.10 - Info Disclosure

Title source: llm

Description

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.

References (9)

[Mailing List] http://www.openwall.com/lists/oss-security/2026/03/15/1

[Mailing List] http://www.openwall.com/lists/oss-security/2026/03/16/1

[Mailing List] http://www.openwall.com/lists/oss-security/2026/03/16/3

[Permissions Required, VDB Entry] https://vuldb.com/?id.347101

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.347101

[Permissions Required, VDB Entry] https://vuldb.com/?submit.753966

[Various Sources] https://foswiki.org/Tasks/Item15600

[Various Sources] https://foswiki.org/Tasks/Item15601

[Patch] https://github.com/foswiki/distro/commit/31aeecb58b64

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0009

EPSS Percentile 25.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200 CWE-284

Status published

Products (13)

foswiki/foswiki < 2.1.11

n/a/Foswiki 2.1.0

n/a/Foswiki 2.1.1

n/a/Foswiki 2.1.10

n/a/Foswiki 2.1.11

n/a/Foswiki 2.1.2

n/a/Foswiki 2.1.3

n/a/Foswiki 2.1.4

n/a/Foswiki 2.1.5

n/a/Foswiki 2.1.6

... and 3 more

Published Feb 21, 2026

Tracked Since Feb 21, 2026