Source: php-horde-imp Version: 6.2.27-3 Severity: grave Tags: security upstream Forwarded: https://github.com/horde/imp/pull/85 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for php-horde-imp. CVE-2026-58451[0]: | Horde IMP before 7.0.1 contains a path traversal vulnerability in | lib/Compose.php that allows authenticated attackers to read | arbitrary files from the server filesystem by embedding traversal | sequences after a CKEditor path prefix in img src URLs. Attackers | can bypass the stripos() prefix validation by appending sequences | such as traversal segments after the matching prefix, causing | file_get_contents() to read sensitive files whose contents are then | exfiltrated as MIME parts in outgoing email; unauthenticated | exploitation is also achievable via CSRF against an active | authenticated session. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-58451 https://www.cve.org/CVERecord?id=CVE-2026-58451 [1] https://github.com/horde/imp/pull/85 [2] https://github.com/horde/imp/commit/fba972fab72ee6871e5d56e6390bee38593085de Regards, Salvatore

