Skip to main content

GNU Savane EUVDEUVD-2026-38135

| CVE-2026-56355 LOW
Incorrect Behavior Order (CWE-696)
2026-06-20 mitre
3.7
CVSS 3.1 · Vendor: mitre

Severity by source

Vendor (mitre) PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
3.7 LOW

Network-reachable PHP endpoint; AC:H because exploitation requires knowledge of specific untrusted parameter structure; only low confidentiality disclosure with zero integrity or availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 22, 2026 - 06:28 vuln.today

DescriptionCVE.org

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

AnalysisAI

Information disclosure in GNU Savane's file-serving layer (frontend/php/file.php) allows network-accessible, unauthenticated remote attackers to bypass file authorization controls by supplying untrusted user-controlled data that the application incorrectly treats as authoritative in its access decision logic. Affected installations span Savane 3.14 through 3.17, confirmed by EUVD-2026-38135 and acknowledged via an FSF public statement. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Savane 3.14-3.17 instance
Delivery
Enumerate file.php endpoint and authorization parameter structure
Exploit
Craft HTTP request with manipulated untrusted authorization parameter
Execution
Server evaluates tainted parameter as authoritative in access check
Persist
Authorization bypass grants access to restricted file
Impact
Attacker retrieves disclosed file content

Vulnerability AssessmentAI

Exploitation The vulnerability is triggered through an HTTP request to the frontend/php/file.php endpoint in any Savane 3.14-3.17 deployment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The overall risk signal is low-to-moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker with HTTP access to a Savane 3.14-3.17 instance crafts a request to frontend/php/file.php with a manipulated authorization parameter that the server-side logic accepts as trusted, substituting their own value for the expected session-derived authorization context. The server evaluates the tainted parameter in the access check at lines 113 or 123, concludes access is permitted, and returns a file from a restricted project that the attacker would not otherwise be authorized to retrieve. …
Remediation No vendor-released patch with an exact fix version has been identified from available data at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-38135 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy