Path Traversal Vulnerability in Open Security Issue Management by Red Hat
CVE-2026-1616

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Osim
Vendor: CVE Published:; 29 January 2026

What is CVE-2026-1616?

A vulnerability exists in Open Security Issue Management (OSIM) that enables attackers to execute path traversal attacks by manipulating query parameters. The flaw is related to the concatenation of $uri and $args in the nginx configuration file. This misconfiguration allows unauthorized access to sensitive files within the server's file system, potentially compromising the integrity and confidentiality of the application.

Affected Version(s)

osim 0

References

https://github.com/RedHatProductSecurity/osim/pull/615

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2026
Vulnerability Reserved
Jan 29, 2026

Credit

Moritz Oehrlein (m1tz)

CVE-2026-1616 Data

JSON