CVE-2026-50885
Deferred Deferred - Pending Action

Incorrect Access Control in Sismics Docs (Teedy) v1.11

Vulnerability report for CVE-2026-50885, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-16

Assigner: MITRE

Description

Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-15
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sismics docs 1.11

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50885 is a vulnerability in Sismics Docs (Teedy) version 1.11 that allows unauthorized attackers to access sensitive data through the share-based read endpoints.

The issue arises because the application merges the untrusted "share" query parameter into the access control list (ACL) target evaluation for read endpoints.

An attacker who knows a valid document or file identifier can bypass read authorization by using reserved administrator target values like "admin" or "administrators" in the share parameter.

This bypasses ACL checks, granting access to protected data such as document metadata, comments, attachments, exported PDFs, and file contents without requiring a valid share token or authentication.

The vulnerability occurs because the system appends the raw share value to the ACL target list and skips ACL checks when these reserved strings are present.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive documents and files stored in Sismics Docs (Teedy) version 1.11.

Attackers can view document metadata, comments, attachments, exported PDFs, and file contents without proper authorization or authentication.

Such unauthorized access can result in data leakage, loss of confidentiality, and potential exposure of sensitive or private information.

Detection Guidance

This vulnerability can be detected by attempting to access sensitive endpoints of Sismics Docs (Teedy) v1.11 using crafted requests that include the "share" query parameter with reserved administrator target values such as "admin" or "administrators".

For example, you can try sending HTTP requests to document view, file download, export, or comment listing endpoints with the share parameter set to these reserved values and observe if access is granted without proper authorization.

A sample curl command to test this might be:

  • curl -v "http://<target-host>/document/view?id=<document_id>&share=admin"
  • curl -v "http://<target-host>/file/download?id=<file_id>&share=administrators"

If these requests return sensitive data without requiring authentication or a valid share token, the vulnerability is present.

Compliance Impact

This vulnerability allows unauthorized attackers to bypass access controls and access sensitive documents and files, including metadata, comments, attachments, and file contents, without authentication.

Such unauthorized access to sensitive data can lead to violations of data protection regulations and standards like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to unauthorized disclosure of protected data.

Mitigation Strategies

To mitigate the vulnerability in Sismics Docs (Teedy) v1.11, you should immediately restrict access to the affected share-based read endpoints by disabling or limiting the use of the 'share' query parameter until a patch or update is available.

Additionally, review and tighten access control configurations to ensure that reserved administrator target values like 'admin' or 'administrators' cannot be exploited to bypass ACL checks.

Monitor access logs for suspicious requests that include the 'share' parameter with reserved values and consider implementing network-level controls or authentication requirements to prevent unauthorized access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50885. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart