CNNVD-202601-2589 Information
CNNVD ID
CNNVD-202601-2589
Related CVE
- CNNVD Published: 2026-01-15
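Description (translated from Chinese)
Pimcore is an open-source web content management platform, developed by the Austrian company Pimcore, for creating and managing web applications. The platform integrates web content management, an e-commerce framework, and product information management. Pimcore contains an access control vulnerability that stems from missing server-side authorization checks on an API endpoint, which may lead to disclosure of the predefined property configuration.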
Description (English)
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform brings together web content management, an e-commerce framework, and product information management. Pimcore has an access control flaw that stems from the lack of server-side authorization checks at an API endpoint, which may lead to the predefined property configuration being leaked.
Hazard Level
High
Vulnerability Type
Access control error
Affected Vendor
Pimcore
Published
2026-01-15
Last Modified
2026-02-24
References
https://github.com/pimcore/admin-ui-classic-bundle/commit/98095949fbeaf11cdf4cadb2989d7454e1b88909
https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.7.16
https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v2.2.3
https://github.com/pimcore/pimcore/security/advisories/GHSA-hqrp-m84v-2m2f
Patch
https://github.com/pimcore/pimcore/releases