Unauthorized access to files in BlueSpice due to incorrect permissions

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.6

Unauthorized access to files in BlueSpice due to incorrect permissions

CVE-2026-24732

Summary

A security issue in BlueSpice allows unauthorized users to access files or directories that should be restricted. This affects BlueSpice versions 5.1 through 5.1.3 and 5.2 through 5.2.0, and Extension:NSFileRepo versions prior to 3.0.5. To protect your data, update to the latest version of BlueSpice and Extension:NSFileRepo, and ensure proper permissions are set for your files and directories.

Original title

Original description

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0.

HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5

nvd CVSS4.0 6.6

Vulnerability type

CWE-552

CWE-732 Incorrect Permission Assignment for Critical Resource

https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2026-02

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026