CVE-2026-2861

5.3 MEDIUM

📋 TL;DR

This vulnerability in Foswiki allows remote attackers to access sensitive information through the Changes/Viewfile/Oops component. It affects all Foswiki installations up to version 2.1.10. The information disclosure could expose internal data that should not be publicly accessible.

💻 Affected Systems

Products:
  • Foswiki
Versions: Up to and including 2.1.10
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected Foswiki versions are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive configuration files, user data, or internal documentation, potentially leading to further attacks or data breaches.

🟠 Likely Case

Unauthorized access to internal files or information that should be restricted, compromising confidentiality of the Foswiki installation.

🟢 If Mitigated

Limited exposure of non-critical information with proper access controls and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly available and can be executed remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.11

Vendor Advisory: https://foswiki.org/Tasks/Item15600

Restart Required: Yes

Instructions:

1. Backup your Foswiki installation.
2. Download Foswiki 2.1.11 or later from the official website.
3. Replace the affected files with the patched versions.
4. Restart the web server.
5. Verify the patch is applied by checking the version.

🔧 Temporary Workarounds

Restrict access to Changes/Viewfile/Oops

all

Temporarily block or restrict access to the vulnerable component using web server configuration.

Apache example (requires mod_rewrite and RewriteEngine On):
RewriteRule ^Changes/Viewfile/Oops - [F]

Nginx example:
location ~ ^/Changes/Viewfile/Oops { deny all; }

Adjust the pattern to the URL path under which your site actually serves the component (the Network Indicators section lists /bin/view/Changes/Viewfile/Oops), and confirm with a test request that the block returns 403 before relying on it.

🧯 If You Can't Patch

  • Implement strict network access controls to limit Foswiki access to trusted IPs only.
  • Deploy a web application firewall (WAF) with rules to block requests to the vulnerable endpoint.

🔍 How to Verify

Check if Vulnerable:

Check if your Foswiki version is 2.1.10 or earlier by examining the version file or admin interface.

Check Version:

grep 'VERSION' lib/Foswiki.pm | head -1

Verify Fix Applied:

Verify the installed version is 2.1.11 or later and check that the patch commit 31aeecb58b64/d8ed86b10e46 is present.
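The version check and the fix verification above, carried through as a small POSIX shell script. This is an added example, not part of the advisory or of Foswiki itself; it assumes lib/Foswiki.pm contains a line of the form `our $VERSION = '2.1.10';` and classifies 2.1.10 or earlier as vulnerable and 2.1.11 or later as patched, comparing version fields numerically so that 2.1.9 sorts below 2.1.10.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a Foswiki checkout as
# "vulnerable" (2.1.10 or earlier) or "patched" (2.1.11 or later) by
# reading $VERSION from lib/Foswiki.pm, the file the advisory's grep targets.
# Assumption: the file holds a line of the form   our $VERSION = '2.1.10';

# Print the first $VERSION assignment found in the given Foswiki.pm.
foswiki_version() {
    grep -E '\$VERSION[[:space:]]*=' "$1" | head -1 \
        | sed -n "s/.*['\"]\([0-9][0-9.]*\)['\"].*/\1/p"
}

# True (exit 0) when dotted version $1 <= $2, compared field by field
# numerically, so 2.1.9 < 2.1.10 (a plain string compare gets this wrong).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0
            q = (i <= nb) ? y[i] + 0 : 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 0
    }'
}

# Print vulnerable / patched / unknown for a Foswiki.pm path.
foswiki_status() {
    v=$(foswiki_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"; return 2
    elif version_le "$v" "2.1.10"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# Constructed sample file (not a real installation) so this runs stand-alone;
# point foswiki_status at lib/Foswiki.pm of a real install instead.
sample=$(mktemp)
printf "package Foswiki;\nour \$VERSION = '2.1.10';\n" > "$sample"
foswiki_status "$sample"
rm -f "$sample"
```

A "patched" result only confirms the version string; it does not prove the patched files were actually deployed, so still check that the patch commits named above are present.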

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to Changes/Viewfile/Oops endpoint
  • Requests returning sensitive file contents

Network Indicators:

  • HTTP requests to /bin/view/Changes/Viewfile/Oops with suspicious parameters

SIEM Query:

source="foswiki_access.log" AND uri="/bin/view/Changes/Viewfile/Oops"
