CVE-2026-2861
Received Received - Intake
Information Disclosure Vulnerability in Foswiki Changes/Viewfile Component

Publication date: 2026-02-21

Last updated on: 2026-03-16

Assigner: VulDB

Description
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-21
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-02-21
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2861
EUVD
EUVD-2026-7530
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
foswiki foswiki to 2.1.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-2861 is an information disclosure vulnerability in Foswiki versions up to 2.1.10. It affects the Changes/Viewfile/Oops component, allowing remote attackers to access sensitive information without authentication by crafting specific HTTP requests to certain service endpoints such as 'oops', 'changes', and 'preview'. This flaw exposes protected data stored on Foswiki pages to unauthorized users."}, {'type': 'paragraph', 'content': 'The vulnerability was discovered by Jan Seebens and Michael Daum and is publicly known with available proof-of-concept exploits. It can be exploited remotely without any user credentials.'}, {'type': 'paragraph', 'content': 'Upgrading Foswiki to version 2.1.11 or applying the related patch fixes the issue by adding access control checks and disabling vulnerable actions.'}] [1, 3]

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive or protected information stored within Foswiki pages. An attacker can remotely access confidential data without authentication, potentially exposing private or restricted content.

Such information disclosure can compromise the confidentiality of your system and data, leading to privacy breaches or leakage of sensitive organizational information.

The exploit is easy to perform and publicly available, increasing the risk of exploitation if the system is not updated or patched.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to access the vulnerable Foswiki endpoints that are known to disclose information without authentication. Specifically, you can test the 'oops', 'changes', and 'preview' service endpoints by crafting HTTP requests targeting these URLs."}, {'type': 'paragraph', 'content': "For example, you can use the following command to check if the vulnerability exists by accessing the 'oops' endpoint:"}, {'type': 'list_item', 'content': 'curl -i https://your-foswiki-site.com/bin/oops/Web/SecretTopicWithFormData?template=view'}, {'type': 'paragraph', 'content': 'If the response contains sensitive or protected data without requiring authentication, the system is vulnerable.'}, {'type': 'paragraph', 'content': "Similarly, you can try accessing the 'changes' and 'preview' endpoints to verify if they disclose information."}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate and recommended mitigation step is to upgrade Foswiki to version 2.1.11 or later, as this version contains the patch that fixes the vulnerability.'}, {'type': 'paragraph', 'content': "The patch removes the vulnerable 'changes' and 'preview' actions from the configuration and adds access control checks to prevent unauthorized information disclosure."}, {'type': 'paragraph', 'content': "If upgrading immediately is not possible, consider disabling or restricting access to the 'oops', 'changes', and 'preview' endpoints to prevent remote exploitation."}] [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2861. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart