Data Exposure Vulnerability in Pimcore Open Source Platform
CVE-2026-23493
8.6HIGH
What is CVE-2026-23493?
The Pimcore Data & Experience Management Platform has a vulnerability that allows sensitive information, including database passwords and cookie session data, to be stored in the http_error_log file. This file can be accessed through the Pimcore backend, posing a significant risk for data exposure. The issue affects versions earlier than 12.3.1 and 11.5.14. Updated versions are available, which effectively mitigate this vulnerability.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
pimcore >= 12.0.0-RC1, < 12.3.1 < 12.0.0-RC1, 12.3.1
pimcore < 11.5.14 < 11.5.14
References
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved