๐Ÿ” CVE Alert

CVE-2026-11944

UNKNOWN 0.0

openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences.

CWE CWE-22
Vendor os4ed
Product opensis-classic
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for os4ed opensis-classic

Be the first to know when new unknown vulnerabilities affecting os4ed opensis-classic are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

OS4ED / openSIS-Classic
9.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
fluidattacks.com: https://fluidattacks.com/es/advisories/toto github.com: https://github.com/OS4ED/openSIS-Classic

Credits

Daniel Celis