CVE-2026-50885
BaseFortify

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allows unauthorized attackers to access sensitive endpoints via a crafted request.
CVSS Scores: none listed
EPSS Scores: not evaluated (Probability and Percentile: N/A)
Page generated: 2026-06-16
Affected Vendors & Products (1 associated CPE)
Vendor: sismics
Product: docs
Version / Range: 1.11
CWE: not assigned (CWE-UNKNOWN)

The following sections are AI-generated analysis (BaseFortify AI Quick Actions).
Executive Summary

CVE-2026-50885 is an access control flaw in the share-based read endpoints of Sismics Docs (Teedy) version 1.11 that lets an unauthorized attacker read protected data.

The application takes the untrusted "share" query parameter and appends its raw value to the list of ACL targets evaluated for read endpoints. Because reserved administrator target names such as "admin" and "administrators" cause the ACL check to be skipped, an attacker who supplies one of those strings as the share value inherits the administrator shortcut.

An attacker who knows a valid document or file identifier can therefore bypass read authorization for that object without a valid share token and without authenticating, obtaining document metadata, comments, attachments, exported PDFs and file contents.
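The following is an added illustration of the authorization flaw described above, written for this page; it is a hypothetical model, not Sismics Docs (Teedy) code. The Document data model, the function names and the assumption that ACL entries and issued share tokens live in one target list are all assumptions; only the reserved target names "admin" and "administrators" come from the advisory text. The flawed check merges the query value into the caller's targets before the administrator shortcut runs; the hardened check lets only authenticated identity reach that shortcut and honours a share value only if it is a token actually issued for the document.

```python
# Hypothetical model of the share-parameter ACL flaw (not Teedy's own code).
from dataclasses import dataclass

# Reserved ACL target names that, per the advisory, short-circuit read checks.
RESERVED_ADMIN_TARGETS = frozenset({"admin", "administrators"})


@dataclass(frozen=True)
class Document:
    doc_id: str
    acl_read: frozenset      # user and group IDs granted read (assumed model)
    share_tokens: frozenset  # link-share tokens issued by the owner (assumed)


def identity_targets(user_id, groups):
    """Targets the caller legitimately carries: own user ID plus group IDs.
    An anonymous caller (user_id None, no groups) carries none."""
    targets = set(groups)
    if user_id is not None:
        targets.add(user_id)
    return targets


def can_read_vulnerable(doc, user_id, groups, share):
    """Flawed check: the raw 'share' query value is added to the targets
    before the reserved-admin shortcut, so share=admin bypasses the ACL."""
    targets = identity_targets(user_id, groups)
    if share is not None:
        targets.add(share)                    # untrusted input becomes a target
    if targets & RESERVED_ADMIN_TARGETS:      # shortcut now attacker-reachable
        return True
    # Assumption: principals and share tokens are one target list in the ACL.
    return bool(targets & (doc.acl_read | doc.share_tokens))


def can_read_fixed(doc, user_id, groups, share):
    """Hardened check: the admin shortcut sees only authenticated identity,
    and a share value grants access only if it is a token issued for doc."""
    targets = identity_targets(user_id, groups)
    if targets & RESERVED_ADMIN_TARGETS:      # admin by identity, not by query
        return True
    if share is not None:
        # Never treat a reserved name as a share token, and never let the
        # share value touch the identity targets; match it only against the
        # registry of tokens issued for this document.
        if share not in RESERVED_ADMIN_TARGETS and share in doc.share_tokens:
            return True
    return bool(targets & doc.acl_read)


# Constructed sample document: alice and the administrators group may read,
# and one link-share token has been issued.
SAMPLE_DOC = Document(
    doc_id="2c8f",
    acl_read=frozenset({"alice", "administrators"}),
    share_tokens=frozenset({"s-7f3c9e"}),
)


def bypass_succeeds(check, share):
    """True if an anonymous caller knowing only the document ID gets read
    access from `check` by supplying `share` as the query value."""
    return check(SAMPLE_DOC, None, (), share)


if __name__ == "__main__":
    for value in ("admin", "administrators", "s-7f3c9e", "nonsense"):
        print(f"share={value!r}: vulnerable={bypass_succeeds(can_read_vulnerable, value)} "
              f"fixed={bypass_succeeds(can_read_fixed, value)}")
```

Note the edge case the hardened version has to handle: if the administrators group has been granted read on the document, a naive fix that simply checks "is the share value in the ACL target list" would still let share=administrators through. Validating the share value against a separate registry of issued tokens is what closes that path.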

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive documents and files stored in Sismics Docs (Teedy) version 1.11.

Attackers can view document metadata, comments, attachments, exported PDFs, and file contents without proper authorization or authentication.

Such unauthorized access can result in data leakage, loss of confidentiality, and potential exposure of sensitive or private information.

Detection Guidance

The flaw can be confirmed by sending requests to the sensitive read endpoints of Sismics Docs (Teedy) v1.11 with the "share" query parameter set to a reserved administrator target value such as "admin" or "administrators".

Send such requests to the document view, file download, export, or comment listing endpoints for an object the requester is not entitled to read, with the share parameter set to one of the reserved values, and check whether the response contains the protected data.

Sample curl commands (the paths are placeholders; substitute the routes of the deployment under test):

  • curl -v "http://<target-host>/document/view?id=<document_id>&share=admin"
  • curl -v "http://<target-host>/file/download?id=<file_id>&share=administrators"

If these requests return the protected data without authentication or a valid share token, the vulnerability is present. Run the same request without the share parameter, or with a random value, as a control: it should be refused, which rules out a document that is simply public. Active probing should be performed only against an instance you are authorized to test. For passive detection, review access logs for requests whose share parameter carries one of the reserved values.
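As an added example for the log-based detection mentioned above (written for this page, not part of Sismics Docs (Teedy) or its tooling), the script below scans access-log lines for a share parameter carrying a reserved administrator name. The sample lines are constructed, the endpoint paths in them mirror the curl placeholders above and are not asserted to be the product's real routes, and the match keys on the query parameter rather than the path, so it works whatever the deployment's endpoint paths are.

```python
# Added detection example: flag requests whose "share" query parameter is a
# reserved administrator target. Not part of Teedy; paths are placeholders.
import re
from urllib.parse import parse_qs, urlsplit

RESERVED_ADMIN_TARGETS = {"admin", "administrators"}

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jun/2026:10:01:02 +0000] "GET /document/view?id=2c8f&share=admin HTTP/1.1" 200 1834 "-" "curl/8.5.0"
198.51.100.9 - - [15/Jun/2026:10:01:05 +0000] "GET /document/view?id=2c8f&share=s-7f3c9e HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Jun/2026:10:01:09 +0000] "GET /file/download?id=91aa&share=Administrators HTTP/1.1" 200 40212 "-" "curl/8.5.0"
203.0.113.5 - - [15/Jun/2026:10:01:12 +0000] "GET /file/download?id=91ab&share=%61dmin HTTP/1.1" 404 0 "-" "curl/8.5.0"
198.51.100.9 - - [15/Jun/2026:10:02:40 +0000] "GET /document/view?id=2c8f HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def reserved_share_values(target):
    """Share parameter values in the request target that match a reserved name.
    parse_qs percent-decodes, so share=%61dmin is caught; the comparison is
    case-insensitive so a server that folds case does not cause misses."""
    query = urlsplit(target).query
    return [v for v in parse_qs(query).get("share", [])
            if v.lower() in RESERVED_ADMIN_TARGETS]


def find_share_abuse(log_text):
    """One record per log line whose share parameter carries a reserved name."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        values = reserved_share_values(m["target"])
        if not values:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "path": urlsplit(m["target"]).path,
            "share": values,
            "status": status,
            # A 2xx to an abusive request means data was likely served.
            "served": 200 <= status < 300,
        })
    return hits


def sources_served(hits):
    """Client addresses that received a 2xx response to an abusive request;
    these are the sources to prioritise in incident response."""
    return sorted({h["ip"] for h in hits if h["served"]})


if __name__ == "__main__":
    found = find_share_abuse(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['ip']} {h['path']} share={h['share']} -> {h['status']}")
    print("sources served:", sources_served(found))
```

Requests with a legitimate-looking token or no share parameter at all are ignored, so the output is a short list of candidate abuse events rather than all share traffic; a 4xx hit still records a probe attempt even though nothing was served.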
