CVE-2026-2861
Information Disclosure Vulnerability in Foswiki Changes/Viewfile Component
Publication date: 2026-02-21
Last updated on: 2026-03-16
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| foswiki | foswiki | to 2.1.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-2861 is an information disclosure vulnerability in Foswiki versions up to 2.1.10. It affects the Changes/Viewfile/Oops component, allowing remote attackers to access sensitive information without authentication by crafting specific HTTP requests to certain service endpoints such as 'oops', 'changes', and 'preview'. This flaw exposes protected data stored on Foswiki pages to unauthorized users."}, {'type': 'paragraph', 'content': 'The vulnerability was discovered by Jan Seebens and Michael Daum and is publicly known with available proof-of-concept exploits. It can be exploited remotely without any user credentials.'}, {'type': 'paragraph', 'content': 'Upgrading Foswiki to version 2.1.11 or applying the related patch fixes the issue by adding access control checks and disabling vulnerable actions.'}] [1, 3]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive or protected information stored within Foswiki pages. An attacker can remotely access confidential data without authentication, potentially exposing private or restricted content.
Such information disclosure can compromise the confidentiality of your system and data, leading to privacy breaches or leakage of sensitive organizational information.
The exploit is easy to perform and publicly available, increasing the risk of exploitation if the system is not updated or patched.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to access the vulnerable Foswiki endpoints that are known to disclose information without authentication. Specifically, you can test the 'oops', 'changes', and 'preview' service endpoints by crafting HTTP requests targeting these URLs."}, {'type': 'paragraph', 'content': "For example, you can use the following command to check if the vulnerability exists by accessing the 'oops' endpoint:"}, {'type': 'list_item', 'content': 'curl -i https://your-foswiki-site.com/bin/oops/Web/SecretTopicWithFormData?template=view'}, {'type': 'paragraph', 'content': 'If the response contains sensitive or protected data without requiring authentication, the system is vulnerable.'}, {'type': 'paragraph', 'content': "Similarly, you can try accessing the 'changes' and 'preview' endpoints to verify if they disclose information."}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The immediate and recommended mitigation step is to upgrade Foswiki to version 2.1.11 or later, as this version contains the patch that fixes the vulnerability.'}, {'type': 'paragraph', 'content': "The patch removes the vulnerable 'changes' and 'preview' actions from the configuration and adds access control checks to prevent unauthorized information disclosure."}, {'type': 'paragraph', 'content': "If upgrading immediately is not possible, consider disabling or restricting access to the 'oops', 'changes', and 'preview' endpoints to prevent remote exploitation."}] [2, 3]