Skip to main content

Opensis Classic

1 CVEs product

Monthly

CVE-2026-11944 MEDIUM This Month

Path traversal in openSIS Classic 9.3 exposes arbitrary server files through the legacy messaging sent-mail attachment download endpoint, exploitable by any authenticated low-privilege user. The vulnerability allows crafted sequences such as directory traversal patterns to escape the intended attachment directory and retrieve sensitive server-side files. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; however, the low authentication bar and network accessibility make this a realistic internal threat.

Path Traversal Opensis Classic
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
EPSS 0% CVSS 5.3
MEDIUM This Month

Path traversal in openSIS Classic 9.3 exposes arbitrary server files through the legacy messaging sent-mail attachment download endpoint, exploitable by any authenticated low-privilege user. The vulnerability allows crafted sequences such as directory traversal patterns to escape the intended attachment directory and retrieve sensitive server-side files. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; however, the low authentication bar and network accessibility make this a realistic internal threat.

Path Traversal Opensis Classic
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy