CNNVD-202601-2586 Information
CNNVD ID
CNNVD-202601-2586
Related CVE
-
CNNVD Published: 2026-01-15
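Description (translated from Chinese)
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework, product information management and other applications. Pimcore versions before 12.3.1 and before 11.5.14 contain a security vulnerability that stems from a missing server-side authorization check on an API endpoint and may lead to disclosure of sensitive route configuration.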
Description (English)
Pimcore is an open-source web content management platform from Pimcore Austria for creating and managing web applications. The platform brings together applications such as web content management, an e-commerce framework and product information management. Pimcore versions prior to 12.3.1 and prior to 11.5.14 contain a security vulnerability caused by a missing server-side authorization check on an API endpoint, which could lead to the disclosure of sensitive route configuration.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Pimcore
Published
2026-01-15
Last Modified
2026-02-24
References
https://github.com/pimcore/pimcore/pull/18893
https://github.com/pimcore/pimcore/releases/tag/v11.5.14
https://github.com/pimcore/pimcore/releases/tag/v12.3.1
https://github.com/pimcore/pimcore/security/advisories/GHSA-m3r2-724c-pwgf
Patch
https://github.com/pimcore/pimcore/releases