
OpenKM CVE-2026-41917

EUVD-2026-31833 · MEDIUM
Path Traversal (CWE-22)
2026-05-26 · VulnCheck · GHSA-hf34-4jm2-f8qq
CVSS 4.0 (NVD): 6.9

Severity by source

NVD (primary): 6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

  • Jun 08, 2026 - 12:20 (vuln.today): Analysis generated
  • May 26, 2026 - 15:22 (NVD): CVSS changed, 4.9 (MEDIUM) → 6.9 (MEDIUM)

Description (CVE.org)

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers can exploit this to access sensitive files including /etc/passwd, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process.

Analysis (AI)

Path traversal in OpenKM's administrative scripting interface exposes arbitrary server-side files to authenticated administrators who supply attacker-controlled paths via the fsPath parameter at /admin/Scripting with action=Load. Both the Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) are affected, enabling exfiltration of /etc/passwd, database credential files, and JVM keystores accessible to the OpenKM process. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Obtain valid OpenKM admin credentials
  • Delivery: Authenticate to the /admin/Scripting web endpoint
  • Exploit: Inject an absolute filesystem path via the fsPath parameter with action=Load
  • Execution: Server reads the target file without path restriction
  • Persist: Parse returned file contents for credentials or key material
  • Impact: Leverage harvested secrets for lateral movement

Vulnerability Assessment (AI)

Exploitation: Exploitation requires a valid OpenKM administrator-level account, confirmed by CVSS 4.0 PR:H. …

Risk Assessment: The CVSS 4.0 score of 6.9 reflects the network-accessible nature of the flaw (AV:N/AC:L/AT:N) but is tempered significantly by the High privilege requirement (PR:H): a valid administrator account is a mandatory prerequisite, so this is not a zero-authentication issue. …

Exploit Scenario: An attacker who has compromised an OpenKM administrator account (through credential stuffing, phishing, or reuse from a prior breach) authenticates to the web interface and issues a GET or POST request to /admin/Scripting with fsPath=/etc/passwd and action=Load. The server returns the contents of the file, which the attacker parses for system usernames. …

Remediation: No vendor-released patch identified at time of analysis. The Terra System Labs advisory characterized this as a zero-day at disclosure, and no fixed version number appears in NVD, EUVD, or VulnCheck data. …
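With no fixed version listed, a compensating control is to watch access logs for the request pattern described above. The following detector is added here as an example and is not part of the vuln.today record or OpenKM's own code: it parses constructed access-log lines, keeps action=Load requests to /admin/Scripting, and flags any fsPath that resolves outside an assumed script directory (SCRIPTS_DIR and the /OpenKM context path are assumptions, not values from the advisory).

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed location of OpenKM's script directory; the advisory does not state
# the real path, so adjust it to the monitored deployment.
SCRIPTS_DIR = "/opt/openkm/scripts"

# Common log format: client, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def path_escapes_base(fs_path, base=SCRIPTS_DIR):
    """True when fs_path, resolved against base, ends up outside base. join() drops
    base for an absolute fs_path and normpath collapses '..', so both escape."""
    resolved = os.path.normpath(os.path.join(base, fs_path))
    return os.path.commonpath([base, resolved]) != base

def flag_load_requests(log_lines):
    """Return (ip, user, fsPath) for action=Load requests to /admin/Scripting whose
    fsPath leaves SCRIPTS_DIR. The same check, applied server-side before the file
    is opened, is the usual mitigation for CWE-22."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/admin/Scripting"):
            continue
        query = parse_qs(parts.query)
        if query.get("action", [""])[0] != "Load":
            continue
        for fs_path in query.get("fsPath", []):
            # parse_qs decoded once; decode again so a double-encoded
            # '%252e%252e' cannot slip past the traversal check.
            fs_path = unquote(fs_path)
            if path_escapes_base(fs_path):
                hits.append((m.group("ip"), m.group("user"), fs_path))
    return hits

# Constructed sample log lines (not real traffic); the /OpenKM context path is assumed.
SAMPLE_LOG = [
    '10.0.0.5 - admin [26/May/2026:15:22:01 +0000] "GET /OpenKM/admin/Scripting?action=Load&fsPath=%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '10.0.0.5 - admin [26/May/2026:15:22:09 +0000] "GET /OpenKM/admin/Scripting?action=Load&fsPath=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '10.0.0.7 - okmAdmin [26/May/2026:15:23:00 +0000] "GET /OpenKM/admin/Scripting?action=Load&fsPath=hello.bsh HTTP/1.1" 200 120',
    '10.0.0.8 - - [26/May/2026:15:24:00 +0000] "GET /OpenKM/login.jsp HTTP/1.1" 200 5120',
]
```

Only GET requests expose the query string in a standard access log; since the scenario above also allows POST, a POST body would need request-body logging or an equivalent rule at a reverse proxy or WAF to be caught the same way.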
