
MyComplianceOffice MCO CVE-2026-53906

EUVD: EUVD-2026-40952 · MEDIUM
Path Traversal (CWE-22)
Published 2026-07-01 · Source: CERT-PL · GHSA-qwcf-5293-mm28
Score: 5.1 (CVSS 4.0 · Vendor: CERT-PL)

Severity by source

Vendor (CERT-PL) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.5 MEDIUM

PR:H because the export and upload features are only reachable from a high-privilege account; the scope change (S:C in 3.1, SC:L/SI:L in 4.0) reflects that the write lands on the server filesystem outside the application's own boundary; C:L for the disclosure of absolute server paths through error messages, I:L for the arbitrary file write.

CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (CERT-PL).

CVSS Vector (Vendor: CERT-PL)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Safety (supplemental; CVSS 4.0 has no Scope metric, the "S" component is Safety)
Not Defined (X)

Lifecycle Timeline

Analysis Generated
Jul 01, 2026 - 13:23 vuln.today
CVE Published
Jul 01, 2026 - 11:58 cve.org

Description (CVE.org)

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages.

Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.

Analysis (AI)

Path traversal and path disclosure in MyComplianceOffice MCO's file handling let an authenticated high-privilege user write files to arbitrary locations on the server and learn absolute server paths from error messages. CERT-PL confirmed the issue in version 25.3.3.1; because vendor contact was unsuccessful, other versions may also be affected. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: obtain or compromise high-privilege MCO credentials
Delivery: authenticate to the MCO web interface
Exploit: open the data export or upload feature
Execution: submit a crafted filename containing traversal sequences
Impact: write a file to an arbitrary server path, or trigger an error to harvest the absolute path

Vulnerability Assessment (AI)

Exploitation: exploitation requires authenticated access with high privileges (PR:H in the CVSS 4.0 vector), specifically to the data export and upload functionality within MCO. …
Risk Assessment: the CVSS 4.0 base score of 5.1 reflects a medium-severity finding with a network attack vector (AV:N) whose dominant limiting factor is the high privilege requirement (PR:H). …
Exploit Scenario: an attacker with high-privilege access to MCO, such as a malicious insider or an actor who has separately compromised an administrator credential, opens the data export or upload feature and submits a filename parameter containing directory traversal sequences. The server writes the supplied content to the resulting location on the filesystem (for example a web-accessible directory or a configuration path), which can enable secondary impacts such as configuration tampering or web shell placement. A failed write returns an error message that echoes the absolute server path, giving the attacker the filesystem layout needed to choose a target. …
Remediation: no vendor-released patch has been identified at the time of analysis; CERT-PL's vendor contact attempts were unsuccessful. Until a fix is available, restrict the export/upload features to the smallest possible set of accounts, monitor those features for filenames containing path separators or ".." segments, and ensure error responses from file handling do not include server paths. …
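The two defects the advisory describes (an unvalidated filename parameter that escapes the export directory, and an error message that echoes the absolute server path) are easiest to see side by side. The following is an added example written for this page, not MCO code and not derived from CERT-PL's findings: `vulnerable_export` reproduces the pattern in a constructed temporary sandbox, `safe_export` shows the checks a fix needs (allowlisted basename, canonicalisation with a containment check, no-clobber open, generic client error with detail kept to the server log). All names, the sandbox layout and the sample filenames are assumptions for illustration.

```python
"""Added example (not MCO code): vulnerable vs. hardened file export handler."""
import logging
import os
import re
import tempfile
from pathlib import Path

log = logging.getLogger("export_example")

# Constructed sandbox: ROOT is a fresh temp dir, EXPORT_DIR sits one level
# below it, so a traversal that escapes EXPORT_DIR lands in ROOT and nothing
# outside the temp area is ever touched.
ROOT = Path(tempfile.mkdtemp(prefix="export_example_")).resolve()
EXPORT_DIR = ROOT / "exports"
EXPORT_DIR.mkdir()

# Allowlist for export names: first char alphanumeric (so no ".", "..", or
# dotfiles), then a bounded run of safe characters; no "/" or "\" anywhere.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def vulnerable_export(filename: str, content: bytes) -> str:
    """The pattern the advisory describes: the client-supplied filename is
    joined onto the export directory with no validation, so ".." segments
    escape it, and the failure message echoes the absolute server path."""
    target = os.path.join(EXPORT_DIR, filename)  # ".." is preserved, not neutralised
    try:
        with open(target, "wb") as fh:
            fh.write(content)
    except OSError as exc:
        # Path disclosure: the absolute target path reaches the client.
        return f"Export failed: {exc.strerror}: {target}"
    return f"Wrote {target}"


def safe_export(filename: str, content: bytes) -> str:
    """Hardened version: allowlist the name, canonicalise and check
    containment, refuse to overwrite, and never echo filesystem paths."""
    # 1. Strict allowlist rejects traversal in both POSIX ("../") and
    #    Windows ("..\\") spellings, plus hidden files and empty names.
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError("invalid filename")
    # 2. Canonicalise and verify the real target still lives directly under
    #    EXPORT_DIR; this also catches a symlink planted in the directory.
    target = (EXPORT_DIR / filename).resolve()
    if target.parent != EXPORT_DIR:
        raise ValueError("invalid filename")
    # 3. "x" mode refuses to clobber an existing file. Detail goes to the
    #    server log only; the client gets a generic message with no path.
    try:
        with open(target, "xb") as fh:
            fh.write(content)
    except OSError as exc:
        log.warning("export of %r failed: %s", filename, exc)
        return "Export failed"
    return f"Wrote {filename}"


BAD_NAMES = ("../escaped2.txt", "..\\escaped2.txt", "sub/../../escaped2.txt", ".hidden")


def run_demo() -> dict:
    """Exercise both handlers on the same constructed inputs; returns facts
    about what happened so the outcome can be checked programmatically."""
    results = {}
    # Traversal: the vulnerable handler writes outside EXPORT_DIR (into ROOT).
    vulnerable_export("../escaped.txt", b"owned")
    results["vuln_escaped"] = (ROOT / "escaped.txt").exists()
    # Path disclosure: a failing write leaks the absolute export directory.
    msg = vulnerable_export("missing_dir/x.txt", b"x")
    results["vuln_leaks_path"] = str(EXPORT_DIR) in msg
    # The hardened handler rejects every traversal spelling up front.
    for bad in BAD_NAMES:
        try:
            safe_export(bad, b"x")
            results[bad] = "accepted"
        except ValueError:
            results[bad] = "rejected"
    results["safe_escaped"] = (ROOT / "escaped2.txt").exists()
    # A legitimate name works; a repeat is refused without leaking a path.
    results["safe_ok"] = safe_export("report.csv", b"a,b\n")
    results["safe_err"] = safe_export("report.csv", b"a,b\n")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The allowlist alone would stop the traversal in this advisory, but the containment check after `resolve()` is what makes the fix robust: it does not depend on enumerating every encoding of ".." and also defends against a symlink that was placed in the export directory earlier. Keeping `exc` out of the client response closes the path-disclosure half of the finding.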


