CVE-2026-41917
Local File Inclusion in OpenKM 6.3.12 via Scripting Interface
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openkm | openkm | up to 7.1.47 (excluding) |
| openkm | openkm | up to 7.1.47 (including) |
| openkm | openkm | up to 6.3.12 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
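The CWE-22 entry above names the missing control: the pathname built from external input must still resolve under the restricted parent directory. The following Python is an added example, not code from OpenKM or from this record, of the containment check a file-loading handler (such as one driven by a parameter like fsPath) should run before opening anything. The function name resolve_within, the base directory and the rejection rules are assumptions; the check is lexical first and then filesystem-aware so that symlinks inside the base directory cannot point outside it.

```python
import os
import posixpath
from typing import Optional


def resolve_within(base_dir: str, user_path: str) -> Optional[str]:
    """Resolve a user-supplied relative path inside base_dir.

    Returns the canonical absolute path when it stays under base_dir, or
    None when the input is empty, absolute, contains a NUL byte, or
    escapes the directory through '..' or a symlink. This is the CWE-22
    requirement: the final pathname must lie under the restricted parent.
    """
    if not user_path or "\x00" in user_path:
        return None
    # Reject absolute input outright: a restricted file selector should
    # never accept '/etc/passwd' or '\\server\share' style paths.
    if posixpath.isabs(user_path) or os.path.isabs(user_path) or user_path.startswith("\\"):
        return None
    # Lexical check first: catches '..' segments without touching the disk.
    normalized = posixpath.normpath(user_path.replace("\\", "/"))
    if normalized == ".." or normalized.startswith("../"):
        return None
    # Filesystem-aware check: realpath follows symlinks, so a link inside
    # base_dir that targets a location outside it is also rejected.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, normalized))
    if candidate != base and not candidate.startswith(base + os.sep):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed base directory; it does not need to exist for the lexical checks.
    base = "/opt/openkm-example/scripts"
    for p in ["lib/util.bsh", "lib/../util.bsh", "../../../etc/passwd", "/etc/passwd"]:
        print(f"{p!r:28} -> {resolve_within(base, p)}")
```

Returning the canonical path (rather than a boolean) lets the caller open exactly the file that was checked, which avoids a check-then-use gap where a second, unchecked join is performed later.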
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Restrict access to the administrative scripting interface to trusted administrators only.
- Change default or weak administrative credentials to strong, unique passwords to prevent unauthorized access.
- Disable or restrict the use of the /admin/Scripting interface if it is not required for daily operations.
- Monitor and audit administrative access logs for suspicious activity.
- Apply any available patches or updates from the vendor once released; currently, no official patch is available.
- Implement network-level controls such as firewall rules to limit access to the OpenKM administrative interface.
- Use compensating controls such as multi-factor authentication for administrative accounts.
Can you explain this vulnerability to me?
CVE-2026-41917 is a local file inclusion vulnerability found in OpenKM version 6.3.12 and related Professional Editions. It exists in the administrative scripting interface at the /admin/Scripting endpoint. Authenticated administrators can exploit this flaw by manipulating the fsPath parameter with the action=Load command to read arbitrary files on the server.
This vulnerability allows attackers to access sensitive files such as /etc/passwd, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process. Exploitation requires administrative authentication but can lead to significant information disclosure.
How can this vulnerability impact me?
Exploiting this vulnerability can lead to unauthorized disclosure of sensitive information stored on the OpenKM server. Attackers can read critical system files, configuration files with database credentials, and keystores, potentially enabling further attacks such as privilege escalation or full system compromise.
Since the vulnerability requires administrative authentication, attackers who gain or guess admin credentials (default credentials are known) can leverage this flaw to extract sensitive data and possibly chain it with other vulnerabilities like Remote Code Execution or SQL Injection to take over the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by verifying if the administrative scripting interface at /admin/Scripting is accessible and if the fsPath parameter with action=Load can be manipulated to read arbitrary files.
Proof-of-concept exploits and detection templates, including Nuclei templates, are available to automate detection.
A Python-based proof-of-concept tool exists that can be used to validate the vulnerability by attempting to read sensitive files such as /etc/passwd.
Since the exploit requires authentication, testing can be done using default or known administrative credentials (default: okmAdmin:admin).
- Use curl or similar tools to send authenticated requests to the endpoint, for example: `curl -u okmAdmin:admin 'http://<target>/admin/Scripting?action=Load&fsPath=/etc/passwd'`
- Use the provided Python proof-of-concept tool from the exploit repository to automate detection.
- Use the Nuclei scanner with the available detection templates from the GitHub repository to scan for this vulnerability.
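Besides probing the endpoint, a defender can check whether the pattern has already been used, which is the "monitor and audit administrative access logs" step from the mitigation answer. The Python below is an added example, not part of this record and not OpenKM code: it scans Tomcat/Apache combined-format access-log lines for requests to /admin/Scripting with action=Load whose fsPath is absolute or contains a parent-directory segment. The sample log lines are constructed (IPs, timestamps and the example-db.properties name are made up), and the log format and the suspicious_fs_path heuristic are assumptions; the one real-looking path, /etc/passwd, is the one this record itself names.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined access-log format (not real OpenKM logs).
SAMPLE_LOG = """\
10.0.0.5 - okmAdmin [26/May/2026:10:01:02 +0000] "GET /admin/Scripting HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - okmAdmin [26/May/2026:10:01:40 +0000] "GET /admin/Scripting?action=Load&fsPath=/etc/passwd HTTP/1.1" 200 1811 "-" "curl/8.5.0"
10.0.0.9 - okmAdmin [26/May/2026:10:02:11 +0000] "GET /admin/Scripting?action=Load&fsPath=..%2F..%2Fconf%2Fexample-db.properties HTTP/1.1" 200 902 "-" "python-requests/2.31"
10.0.0.7 - okmAdmin [26/May/2026:10:03:00 +0000] "GET /admin/Scripting?action=Load&fsPath=scripts/cleanup.bsh HTTP/1.1" 200 310 "-" "Mozilla/5.0"
10.0.0.8 - - [26/May/2026:10:03:30 +0000] "GET /OpenKM/frontend/index.jsp HTTP/1.1" 200 22000 "-" "Mozilla/5.0"
"""

# Minimal combined-format parser: client IP, authenticated user, timestamp,
# method, request target (path + query) and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def suspicious_fs_path(path: str) -> bool:
    """Absolute paths and '..' segments are the shapes this CVE's abuse takes."""
    p = path.replace("\\", "/")
    return p.startswith("/") or ".." in p.split("/")


def scan_access_log(text: str) -> List[Dict[str, str]]:
    """Return one alert per /admin/Scripting request with action=Load and a suspicious fsPath."""
    alerts: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable access-log line
        parts = urlsplit(m.group("target"))
        # Case-insensitive match so trivial casing variants are not missed.
        if parts.path.rstrip("/").lower() != "/admin/scripting":
            continue
        qs = parse_qs(parts.query)  # parse_qs also URL-decodes %2F etc.
        if qs.get("action", [""])[0] != "Load":
            continue
        fs_path = qs.get("fsPath", [""])[0]
        if suspicious_fs_path(fs_path):
            alerts.append({
                "ip": m.group("ip"),
                "user": m.group("user"),
                "time": m.group("ts"),
                "fsPath": fs_path,
                "status": m.group("status"),
            })
    return alerts


if __name__ == "__main__":
    for a in scan_access_log(SAMPLE_LOG):
        print(f"[{a['time']}] {a['ip']} user={a['user']} status={a['status']} fsPath={a['fsPath']}")
```

A 200 status on such a request is the strongest signal, since it indicates the file read likely succeeded; a relative fsPath under the scripting directory (the fourth line) is normal use and is deliberately not flagged.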