CVE-2026-2861
Foswiki Changes/Viewfile/Oops information disclosure
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.
| CWE | CWE-200 CWE-284 |
| Vendor | n/a |
| Product | foswiki |
| Published | Feb 21, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a foswiki
Be the first to know when new medium vulnerabilities affecting n/a foswiki are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Foswiki
2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.1.9 2.1.10
References
vuldb.com: https://vuldb.com/?id.347101 vuldb.com: https://vuldb.com/?ctiid.347101 vuldb.com: https://vuldb.com/?submit.753966 foswiki.org: https://foswiki.org/Tasks/Item15600 foswiki.org: https://foswiki.org/Tasks/Item15601 github.com: https://github.com/foswiki/distro/commit/31aeecb58b64 openwall.com: http://www.openwall.com/lists/oss-security/2026/03/15/1 openwall.com: http://www.openwall.com/lists/oss-security/2026/03/16/1 openwall.com: http://www.openwall.com/lists/oss-security/2026/03/16/3
Credits
Jan Seebens Michael Daum ๐ Michael Daum (VulDB User)