CVE-2026-45703
Received Received - Intake

Word Export Permission Bypass in Pimcore

Vulnerability report for CVE-2026-45703, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: GitHub, Inc.

Description

Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 (LTS) and 12.3.7, the WordExport export flow in bundles/WordExportBundle/src/Controller/TranslationController.php only checks the word_export feature permission and directly resolves attacker-controlled type/id input without enforcing view permission on page, snippet, email, or object elements, allowing a low-privileged backend user to export document content the user is not allowed to view. This issue is fixed in versions 11.5.17 (LTS) and 12.3.7.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-18
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
pimcore pimcore to 12.3.7 (exc)
pimcore pimcore From 12.3.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-45703 is a security flaw in Pimcore's WordExport bundle. It allows a low-privileged backend user with only the 'word_export' permission to export document content without having view permissions on the target document. The issue occurs because the export flow checks only for the feature permission but does not verify access rights on the target element itself.

Detection Guidance

To detect this vulnerability, review Pimcore logs for unauthorized WordExport attempts. Check if low-privileged users accessed document exports without proper permissions. Look for requests to the WordExportController with type/id parameters that bypass view restrictions.

Impact Analysis

This vulnerability could allow unauthorized users to export and access sensitive document content they are not permitted to view. This includes structured page fields, restricted backend content, and potentially other data, leading to data exposure or lateral information access by low-privileged accounts.

Compliance Impact

This vulnerability could lead to unauthorized access and disclosure of sensitive data, violating compliance requirements such as GDPR and HIPAA. It may result in data breaches, unauthorized data processing, and failure to maintain proper access controls over personal or protected health information.

Mitigation Strategies

Upgrade Pimcore to version 11.5.17 (LTS) or 12.3.7 or later. Implement object-level authorization checks in the WordExport flow to verify view permissions before allowing exports. Review and restrict user permissions to ensure only authorized users can access sensitive exports.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45703. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart