Description
openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | openSIS Classic 9.3 contains an authenticated path traversal vulnerability in the legacy messaging sent-mail attachment download functionality that allows an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. | |
| Title | openSIS Classic 9.3 - Authenticated path traversal in SentMail attachment download | |
| First Time appeared |
Os4ed
Os4ed opensis-classic |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:os4ed:opensis-classic:9.3:*:linux:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:macos:*:*:*:*:* cpe:2.3:a:os4ed:opensis-classic:9.3:*:windows:*:*:*:*:* |
|
| Vendors & Products |
Os4ed
Os4ed opensis-classic |
|
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: Fluid Attacks
Published:
Updated: 2026-07-14T15:23:47.689Z
Reserved: 2026-06-10T21:25:07.392Z
Link: CVE-2026-11944
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses