CVE-2026-24732

Q: How severe is CVE-2026-24732?

CVSS scoring is not yet available for CVE-2026-24732. Check NVD for updates.

Q: Is there a patch for CVE-2026-24732?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.

Vulnerability Description

Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0. HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5

Related Weaknesses (CWE)

CWE-732 CWE-552

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2026-02

FAQ

What is CVE-2026-24732?

CVE-2026-24732 is a documented vulnerability. Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing F...

How severe is CVE-2026-24732?

CVSS scoring is not yet available for CVE-2026-24732. Check NVD for updates.

Is there a patch for CVE-2026-24732?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.