Ghostwire

CVE-2026-41917: OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at...

MEDIUM CVSS 5.5

Published: May 26, 2026 | Last Modified: May 26, 2026

Description

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers can exploit this to access sensitive files including /etc/passwd, configuration files containing database credentials, and JVM keystores accessible to the OpenKM process.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2026-41917: OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at...

Description

Ghostwire Analysis — What This Means Practically

Security Coverage (2 articles)

References