← Retour aux CVEs

CVE-2026-23493

HIGH

8.6

Description

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.

Details CVE

Score CVSS v3.18.6

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/15/2026

Derniere modification1/20/2026

Sourcenvd

Observations honeypot0

Produits affectes

pimcore:pimcore

Faiblesses (CWE)

CWE-532

References

https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601(security-advisories@github.com)

https://github.com/pimcore/pimcore/pull/18918(security-advisories@github.com)

https://github.com/pimcore/pimcore/releases/tag/v11.5.14(security-advisories@github.com)

https://github.com/pimcore/pimcore/releases/tag/v12.3.1(security-advisories@github.com)

https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h(security-advisories@github.com)

https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.