Foswiki Information Disclosure Vulnerability in Changes Component

Vulnerability

An information disclosure vulnerability exists in Foswiki versions prior to 2.1.10, specifically within the Changes component's Viewfile/Oops functionality. This vulnerability allows unauthorized users to access and disclose protected information by crafting specific HTTP requests to the affected endpoints. The issue can be exploited remotely without any authentication requirements.

Impact

Exploitation of this vulnerability leads to unauthorized access and disclosure of sensitive information stored on the affected Foswiki instance.

Reproduction

To reproduce this vulnerability, send a crafted HTTP request to the 'oops', 'changes', or 'preview' endpoints of a Foswiki site running a vulnerable version. The request can be made without authentication. For example, a request to the 'oops' endpoint with a specific topic name can retrieve confidential data stored on that page.

Remediation

Upgrade Foswiki to version 2.1.11 or apply the patch identified as 31aeecb58b64/d8ed86b10e46.
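To review web server logs for requests to the endpoints named under Reproduction while the upgrade is rolled out, the following is an added example and not part of the advisory or of Foswiki. It assumes combined-format access logs and the `/bin/<script>/<Web>/<Topic>` URL layout; the log lines are constructed sample data. On sites using cookie-based login the user field is always `-`, so treat the output as a list to review rather than a verdict.

```python
import re
from collections import defaultdict

# Endpoints named in the advisory. The /bin/<script>/<Web>/<Topic> layout is an
# assumption; adjust for short URLs or a different script path.
ENDPOINT_RE = re.compile(
    r"^/(?:foswiki/)?bin/(oops|changes|preview)(?=[/?]|$)/?([^?\s]*)")

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges, made-up web/topic names).
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Feb/2026:06:01:10 +0000] "GET /bin/oops/Restricted/TopicA HTTP/1.1" 200 5120 "-" "x"',
    '198.51.100.7 - - [21/Feb/2026:06:01:11 +0000] "GET /bin/changes/Restricted HTTP/1.1" 200 8841 "-" "x"',
    '198.51.100.7 - - [21/Feb/2026:06:01:12 +0000] "GET /bin/preview/Restricted/TopicB HTTP/1.1" 200 4410 "-" "x"',
    '192.0.2.10 - alice [21/Feb/2026:06:02:00 +0000] "GET /bin/changes/Main HTTP/1.1" 200 9000 "-" "x"',
    '192.0.2.44 - - [21/Feb/2026:06:03:00 +0000] "GET /bin/view/Main/WebHome HTTP/1.1" 200 7000 "-" "x"',
    '192.0.2.44 - - [21/Feb/2026:06:03:05 +0000] "GET /bin/oops/Main/WebHome HTTP/1.1" 200 3000 "-" "x"',
]

def triage(lines, min_topics=3):
    """Map client IP -> sorted "script:Web/Topic" hits for clients with no
    authenticated user that got 2xx responses on >= min_topics distinct targets."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["user"] != "-" or not m["status"].startswith("2"):
            continue  # unparsable, authenticated, or unsuccessful request
        ep = ENDPOINT_RE.match(m["path"])
        if ep:
            seen[m["ip"]].add(f"{ep[1]}:{ep[2]}")
    return {ip: sorted(hits) for ip, hits in seen.items() if len(hits) >= min_topics}

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        print(ip, hits)
```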

Added: Feb 21, 2026, 6:19 AM
Updated: Feb 21, 2026, 6:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.8
impact: 0.6
exploitability: 9.5
remediation: 7.7
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.