File Operations Vulnerability in efw4.X by efwGrp
CVE-2026-44260

8.1HIGH

Key Information:

Vendor: Efwgrp
Status: Efw4.x
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-44260?

The efw4.X Enterprise Framework for Web contains a vulnerability that allows attackers to execute write operations on files, despite certain security settings meant to prevent such actions. Specifically, the readonly flag on the efw:elFinder JSP tag is intended to restrict file modifications. However, due to inadequate event handler checks, attackers who bypass the user interface can manipulate files even when readonly is set to true. This issue is resolved in version 4.08.010.

Affected Version(s)

efw4.X < 4.08.010

References

https://github.com/efwGrp/efw4.X/security/advisories/GHSA...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 5, 2026

CVE-2026-44260 Data

JSON

Efwgrp

What is CVE-2026-44260?

Affected Version(s)

References

CVSS V3.1

Timeline