CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2026-35023

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile12.23th
Published2026年4月8日
Last Modified2026年6月2日

Vulnerability Description

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image previews from other users' private or group conversations, resulting in unauthorized disclosure of sensitive information.

Affected Platforms (CPE)

📦
Wimi Teamwork

Wimi Teamwork

< 8.2.0

References & Advisories

🔗 https://www.vulncheck.com/advisories/wimi-teamwork-on-premises-idor-via-preview-php
🔗 https://www.wimi-teamwork.com/en/product-update

相關漏洞威脅

CVE-2026-2018210.0

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after ...

CVE-2026-4077210.0

Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.

CVE-2026-2012710.0

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN M...

CVE-2026-1052010.0

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenti...