Authenticated Path Traversal Vulnerability in openSIS Classic by OS4ED
CVE-2026-11944

5.3MEDIUM

Key Information:

Vendor

Os4ed

Vendor
CVE Published:
14 July 2026

What is CVE-2026-11944?

openSIS Classic 9.3 is susceptible to an authenticated path traversal vulnerability within its legacy messaging system. This flaw allows authenticated attackers to exploit crafted path traversal sequences, enabling them to read sensitive files on the server. This exposure poses significant risks to the confidentiality of data and integrity of the openSIS platform, highlighting the need for immediate attention and patching.

Affected Version(s)

openSIS-Classic Windows 9.3

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Celis
.