CVE-2026-44668
BaseFortify
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| faction | boilerplateconfig | up to 1.8.3 (exclusive) |
| faction | accesscontrolinterceptor | up to 1.8.3 (exclusive) |
| faction | faaction | up to 1.8.3 (exclusive) |
| faction | faaction | up to 1.8.2 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-44668 is a critical vulnerability in the Faction application (versions up to 1.8.2) that allows unauthenticated attackers to access and manipulate boilerplate templates.
The vulnerability arises because the AccessControlInterceptor, which is supposed to authenticate all Struts2 actions, does not check for a valid session before invoking actions. Additionally, four action methods in BoilerPlateConfig do not perform local session checks.
As a result, attackers can reach endpoints such as /portal/tempSearchDetail.action, /portal/globalSave.action, /portal/tempActive.action, and /portal/tempDelete.action without any credentials.
This allows them to read, overwrite, deactivate, or permanently delete any boilerplate template in the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unauthenticated requests to the specific endpoints the Faction application exposes. The affected endpoints are /portal/tempSearchDetail.action, /portal/globalSave.action, /portal/tempActive.action, and /portal/tempDelete.action. Monitoring network traffic or server logs for requests to these endpoints that carry no session can help identify exploitation attempts.
To confirm whether an instance is exposed, request each endpoint without a session using a tool such as curl or wget and check whether the server answers instead of redirecting to the login page, for example:
- curl -v http://<target-host>/portal/tempSearchDetail.action
- curl -v http://<target-host>/portal/globalSave.action
- curl -v http://<target-host>/portal/tempActive.action
- curl -v http://<target-host>/portal/tempDelete.action
Additionally, reviewing access logs for requests to these endpoints that carry no valid session cookie or authentication token can reveal past exploitation.
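The log review suggested above, written out as an added example that is not part of the BaseFortify page or of the Faction project: it flags requests to the four affected endpoints that carry no session cookie and marks which of them the server answered with 2xx. It assumes the access log records the request's Cookie header as a trailing quoted field and that the session cookie is named JSESSIONID; both are assumptions, not facts from the advisory.

```python
import re
from urllib.parse import urlsplit

# Endpoints the advisory names as reachable without authentication.
VULNERABLE_ENDPOINTS = {"/portal/tempSearchDetail.action", "/portal/globalSave.action",
                        "/portal/tempActive.action", "/portal/tempDelete.action"}
# Assumption: Faction's session cookie uses the servlet-container default name.
SESSION_COOKIE = "JSESSIONID"
# Assumption: the access log appends the request's Cookie header as a quoted
# field, e.g. Apache LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Cookie}i\"".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<cookie>[^"]*)"$'
)

def has_session_cookie(cookie_header: str) -> bool:
    """True if the Cookie header carries a non-empty session cookie."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == SESSION_COOKIE and value:
            return True
    return False

def find_unauthenticated_hits(log_lines):
    """Return requests that reached a vulnerable endpoint with no session cookie.
    'succeeded' marks 2xx answers, the strongest sign the missing check was
    exercised. A present cookie does not prove the session was valid, so those
    requests are left for a separate review rather than reported here."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        path = urlsplit(m["target"]).path  # drop any query string
        if path in VULNERABLE_ENDPOINTS and not has_session_cookie(m["cookie"]):
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "path": path, "status": int(m["status"]),
                         "succeeded": m["status"].startswith("2")})
    return hits

# Constructed sample lines (not from any real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/May/2026:10:01:02 +0000] "GET /portal/tempSearchDetail.action?id=3 HTTP/1.1" 200 5120 "-"',
    '198.51.100.4 - - [26/May/2026:10:01:05 +0000] "GET /portal/tempSearchDetail.action?id=3 HTTP/1.1" 200 5120 "JSESSIONID=abc123"',
    '203.0.113.7 - - [26/May/2026:10:01:09 +0000] "POST /portal/tempDelete.action HTTP/1.1" 302 0 "-"',
    '203.0.113.7 - - [26/May/2026:10:01:12 +0000] "GET /portal/login.action HTTP/1.1" 200 800 "-"',
    '192.0.2.9 - - [26/May/2026:10:02:00 +0000] "GET /portal/globalSave.action HTTP/1.1" 200 100 "JSESSIONID="',
]
```

Run it against the sample and the two 200 responses without a session (tempSearchDetail and globalSave) surface as successful unauthenticated hits, while the request carrying a real JSESSIONID and the login page request are ignored.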
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoints by implementing authentication and session checks to prevent unauthenticated access.
Specifically, ensure that the AccessControlInterceptor properly verifies valid sessions before invoking actions, and that the four action methods in BoilerPlateConfig perform local session checks.
If patching is not immediately possible, consider applying network-level controls such as firewall rules or web application firewall (WAF) rules to block unauthenticated requests to the affected endpoints.
Also, verify ownership and permissions for boilerplate templates to limit the impact of any unauthorized access.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized disclosure, modification, and deletion of boilerplate templates.
Attackers can read proprietary data contained in templates, overwrite global templates which can poison reports, deactivate templates, or delete them permanently.
The vulnerability has a CVSS score of 9.8 (Critical), indicating high impact on confidentiality, integrity, and availability.
Since the attack requires no privileges or user interaction and can be performed remotely, it poses a significant risk to the security and reliability of the system.