CVE-2026-41917

MEDIUM

OpenKM 6.3.12 Local File Inclusion via Admin Scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-41917. PoCs published by skumar.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in OpenKM, including LFI, RCE, and SQLi. It leverages the admin scripting interface to execute arbitrary commands and read files, and exploits unrestricted SQL queries to dump user credentials.

Description

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers can exploit this to access sensitive files including /etc/passwd, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process.

Exploits (1)

exploitdb WORKING POC

by skumar · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52520

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in OpenKM, including LFI, RCE, and SQLi. It leverages the admin scripting interface to execute arbitrary commands and read files, and exploits unrestricted SQL queries to dump user credentials.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: OpenKM Community Edition 6.3.12 and OpenKM Pro Edition 7.1.47 and previous versions

Auth required

Prerequisites: valid credentials (default or provided) · access to admin interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 26, 2026 Full analysis →

References (7)

Core 7

Core References

Exploit exploit

ExploitDB-52520

https://www.exploit-db.com/exploits/52520

Product product

Official Product Homepage

https://www.openkm.com/

Product product

Product Reference

https://hub.docker.com/r/openkm/openkm-ce

Vendor Advisory vendor-advisory

Vulnerability Advisory

https://terrasystemlabs.com/post?slug=openkm-zero-day-vulnerabilities-terra-system-labs

Product product

Proof-of-Concept Toolkit

https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits

Product product

Nuclei Detection Template

https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits/nuclei-templates/openkm-local-file-execution

Third Party Advisory third-party-advisory

VulnCheck Advisory: OpenKM 6.3.12 Local File Inclusion via Admin Scripting

https://www.vulncheck.com/advisories/openkm-local-file-inclusion-via-admin-scripting

Scores

CVSS v3 4.9

EPSS 0.0039

EPSS Percentile 30.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

Openkm/OpenKM Community Edition < 6.3.12

Openkm/OpenKM Professional Edition < 7.1.47

Published May 26, 2026

Tracked Since May 26, 2026