Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. | |
| Title | openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download | |
| First Time appeared |
Os4ed
Os4ed opensis-classic |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:os4ed:opensis-classic:9.3:*:linux:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:macos:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:windows:*:*:*:*:* |
|
| Vendors & Products |
Os4ed
Os4ed opensis-classic |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: Fluid Attacks
Published:
Updated: 2026-07-14T15:58:38.983Z
Reserved: 2026-06-10T21:25:07.392Z
Link: CVE-2026-11944
Updated: 2026-07-14T15:58:35.077Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T16:45:04Z