Back to CVE List

CVE-2026-35023

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image previews from other users' private or group conversations, resulting in unauthorized disclosure of sensitive information.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-639
Source
NVD
Vendor
Cloud Solutions SAS
Product
Wimi Teamwork

External References

Discussion (0)

Add Comment

No comments yet. Be the first!