CVE-2026-29205

High

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment…

hackerone·CWE-250·Published 2026-05-13

CVSS

8.6

EPSS

0.07

KEV

Exploits

cve.orgen

152 chars

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.

NVDen

152 chars

Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	8.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
3.1	Primary	cve.org	8.6	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L