Ghostwire

CVE-2026-45260: Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling

HIGH CVSS 8.1 Exploit Available

Published: May 27, 2026 | Last Modified: May 27, 2026

Description

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

github.com/pimcore/pimcore/security/advisories/GHSA-wc7j-g8wx-m2qx
github.com/pimcore/pimcore/pull/19120
github.com/pimcore/pimcore/commit/9d7c77fd9b19fa011ce470de95d4438e65007d99
github.com/pimcore/pimcore/releases/tag/v12.3.7
github.com/advisories/GHSA-wc7j-g8wx-m2qx
www.tenable.com/cve/CVE-2026-45260
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-45260