FKIE_CVE-2026-33486

Vulnerability from fkie_nvd - Published: 2026-03-26 18:16 - Updated: 2026-03-31 21:13
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. Versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contain a patch.
References
security-advisories@github.comhttps://github.com/roadiz/core-bundle-dev-app/commit/7904f690a51b88b1c72c02149ebdf85fa81f19f2Patch
security-advisories@github.comhttps://github.com/roadiz/core-bundle-dev-app/security/advisories/GHSA-rc55-58f4-687gExploit, Vendor Advisory
Impacted products
Vendor Product Version
roadiz core-bundle-dev-app *
roadiz core-bundle-dev-app *
roadiz core-bundle-dev-app *
roadiz core-bundle-dev-app *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:roadiz:core-bundle-dev-app:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54B795E-2244-402F-80D7-B2AE64ADB6FC",
              "versionEndExcluding": "2.3.42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roadiz:core-bundle-dev-app:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "797A6BCB-ACEE-49D0-A3F5-8D67FEE92A94",
              "versionEndExcluding": "2.5.44",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roadiz:core-bundle-dev-app:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2541EE20-EDA5-434A-A201-9979927BA219",
              "versionEndExcluding": "2.6.28",
              "versionStartIncluding": "2.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:roadiz:core-bundle-dev-app:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C506359-4F7E-47A5-9A30-39948ABEAA5C",
              "versionEndExcluding": "2.7.9",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server\u0027s local file system that the web server process has access to, including highly sensitive environment variables, database credentials, and internal configuration files. Versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 contain a patch."
    },
    {
      "lang": "es",
      "value": "Roadiz es un sistema de gesti\u00f3n de contenido polim\u00f3rfico basado en un sistema de nodos que puede manejar muchos tipos de servicios. Una vulnerabilidad en roadiz/documents anterior a las versiones 2.7.9, 2.6.28, 2.5.44 y 2.3.42 permite a un atacante autenticado leer cualquier archivo en el sistema de archivos local del servidor al que el proceso del servidor web tiene acceso, incluyendo variables de entorno altamente sensibles, credenciales de base de datos y archivos de configuraci\u00f3n internos. Las versiones 2.7.9, 2.6.28, 2.5.44 y 2.3.42 contienen un parche."
    }
  ],
  "id": "CVE-2026-33486",
  "lastModified": "2026-03-31T21:13:52.977",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-26T18:16:29.903",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/roadiz/core-bundle-dev-app/commit/7904f690a51b88b1c72c02149ebdf85fa81f19f2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/roadiz/core-bundle-dev-app/security/advisories/GHSA-rc55-58f4-687g"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.