CyberRota
← Ana sayfaya dön

CVE-2026-58451

MEDIUM · CVSS 6.5 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-01T19:16:56.690 · Çekilme zamanı: 2026-07-02T00:08:26.741867+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-58451
Severity
MEDIUM
CVSS
6.5
EPSS
Yok

Orijinal NVD Açıklaması

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos() prefix validation by appending sequences such as traversal segments after the matching prefix, causing file_get_contents() to read sensitive files whose contents are then exfiltrated as MIME parts in outgoing email; unauthenticated exploitation is also achievable via CSRF against an active authenticated session.