5.5
Foswiki: Unpatched version may leak sensitive information
CVE-2026-2861
Summary
A weakness in Foswiki versions up to 2.1.10 may allow remote, unauthorized access to sensitive information. An exploit for this vulnerability is public, so upgrading to version 2.1.11 is recommended to prevent potential data breaches.
What to do
Upgrade to Foswiki 2.1.11, which the original description below names as sufficient to fix this issue.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| foswiki | foswiki | <= 2.1.10 | 2.1.11 |
Original title
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is p...
Original description
A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to version 2.1.11 is sufficient to fix this issue. The patch is identified as 31aeecb58b64/d8ed86b10e46. Upgrading the affected component is recommended.
CVSS scores
- NVD CVSS 2.0: 5.0
- NVD CVSS 3.1: 5.3
- NVD CVSS 4.0: 5.5
Vulnerability type
- CWE-200: Information Exposure
- CWE-284: Improper Access Control
- https://foswiki.org/Tasks/Item15600 Permissions Required
- https://foswiki.org/Tasks/Item15601 Permissions Required
- https://github.com/foswiki/distro/commit/31aeecb58b64 Patch
- https://vuldb.com/?ctiid.347101 Permissions Required VDB Entry
- https://vuldb.com/?id.347101 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.753966 Third Party Advisory VDB Entry
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026