CVE-2026-11944
openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences.
| CWE | CWE-22 |
| Vendor | os4ed |
| Product | opensis-classic |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for os4ed opensis-classic
Be the first to know when new unknown vulnerabilities affecting os4ed opensis-classic are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
OS4ED / openSIS-Classic
9.3
References
Credits
Daniel Celis