Opencloud Reva

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-23989 HIGH PATCH This Week

Unauthenticated attackers can bypass public link scope verification in OpenCloud Reva versions prior to 2.42.3 and 2.40.3 through a flaw in GRPC authorization middleware. By exploiting the archiver service, an attacker can create archives containing all resources accessible to the public link creator, resulting in unauthorized information disclosure. A patch is available in versions 2.42.3 and 2.40.3.

Authentication Bypass Opencloud Reva Suse

NVD GitHub

CVSS 3.1

8.2

EPSS

0.0%

CVE-2026-23989

EPSS 0% CVSS 8.2

HIGH PATCH This Week

Unauthenticated attackers can bypass public link scope verification in OpenCloud Reva versions prior to 2.42.3 and 2.40.3 through a flaw in GRPC authorization middleware. By exploiting the archiver service, an attacker can create archives containing all resources accessible to the public link creator, resulting in unauthorized information disclosure. A patch is available in versions 2.42.3 and 2.40.3.

Authentication Bypass Opencloud Reva Suse

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy