openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 14 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. | |
| Title | openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download | |
| First Time appeared |
Os4ed
Os4ed opensis-classic |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:os4ed:opensis-classic:9.3:*:linux:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:macos:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:windows:*:*:*:*:* |
|
| Vendors & Products |
Os4ed
Os4ed opensis-classic |
|
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Fluid Attacks
Published:
Updated: 2026-07-14T15:58:38.983Z
Reserved: 2026-06-10T21:25:07.392Z
Link: CVE-2026-11944
Updated: 2026-07-14T15:58:35.077Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T16:45:04Z
Weaknesses