Improper Access Control in Pimcore's WordExport Feature
CVE-2026-45703
6.4MEDIUM
What is CVE-2026-45703?
Pimcore, an Open Source Data & Experience Management Platform, suffers from an improper access control vulnerability in its WordExport feature. Before versions 11.5.17 (LTS) and 12.3.7, the system's TranslationController.php file only verifies the word_export feature permission. It allows low-privileged backend users to export document content that they do not have permission to view by directly processing attacker-controlled input. This flaw can lead to unauthorized access to sensitive content, making it imperative for users to upgrade to the latest versions to ensure their systems are secure.
Affected Version(s)
pimcore < 11.5.17 < 11.5.17
pimcore >= 12.0.0, < 12.3.7 < 12.0.0, 12.3.7