Login Sign Up

CVE-2026-26101

7.8 HIGH

📋 TL;DR

CVE-2026-26101 is an incorrect permission assignment vulnerability in Owl opds 2.2.0.4 that allows attackers to manipulate files through crafted network requests. This affects systems running the vulnerable version of Owl opds software. Attackers could potentially modify, delete, or create files with elevated privileges.

💻 Affected Systems

Products:
  • Owl opds
Versions: 2.2.0.4
Operating Systems: All platforms running Owl opds
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 2.2.0.4 is confirmed affected. Earlier or later versions may also be vulnerable but not confirmed.

📦 What is this software?

Opds Talon by Owlcyberdefense

View all CVEs affecting Opds Talon →

Opds Talon by Owlcyberdefense

View all CVEs affecting Opds Talon →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through file manipulation leading to remote code execution, data destruction, or privilege escalation.

🟠

Likely Case

Unauthorized file modification or deletion, potentially disrupting service availability or leaking sensitive data.

🟢

If Mitigated

Limited impact with proper network segmentation and file permission hardening.

🌐 Internet-Facing: HIGH - Network-accessible service vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats but attack surface reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Crafted network requests can trigger the vulnerability without authentication based on the description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2026-26101

Restart Required: No

Instructions:

No official patch available. Monitor vendor for updates and consider workarounds or alternative solutions.

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict network access to Owl opds service to trusted IPs only.

iptables -A INPUT -p tcp --dport [owl_port] -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [owl_port] -j DROP

File Permission Hardening

linux

Set strict file permissions on Owl opds directories and files.

chmod 600 /path/to/owl/config/files
chown root:root /path/to/owl

🧯 If You Can't Patch

  • Isolate the affected system in a segmented network zone with strict access controls.
  • Implement application-level monitoring for file manipulation attempts and anomalous network requests.

🔍 How to Verify

Check if Vulnerable:

Check Owl opds version: grep -i version /path/to/owl/configuration or check package manager.

Check Version:

Check application logs or configuration files for version information specific to Owl opds installation.

Verify Fix Applied:

Verify version is not 2.2.0.4 or check for vendor patch updates.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file modification events in Owl opds logs
  • Failed permission checks or access denied errors

Network Indicators:

  • Suspicious network requests to Owl opds service from untrusted sources
  • Unusual patterns in file-related API calls

SIEM Query:

source="owl_opds.log" AND (event="file_modify" OR event="permission_error")

📊 Metadata

CVE ID: CVE-2026-26101
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-732
Published: February 20, 2026
Last Updated: February 27, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-26101, you might also want to check these:

CVE-2021-33509 9.9

This vulnerability allows remote authenticated managers in Plone to perform arbitrary disk I/O opera...

Same vulnerability type (CWE-732)
CVE-2024-5618 9.9

This vulnerability allows attackers to access functionality they shouldn't have permission to use in...

Same vulnerability type (CWE-732)
CVE-2023-40622 9.9

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated attack...

Same vulnerability type (CWE-732)