Home > Vulnerability Database > CVE-2026-23496

Mend.io Vulnerability Database

CVE-2026-23496

Good to know:

Date: January 15, 2026

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This vulnerability is fixed in 5.2.2 and 6.1.1.

Severity Score

5.4

Related Resources (8)

Url: https://github.com/pimcore/web2print-tools/commit/7714452a04b9f9b077752784af4b8d0b05e464a1

Url: https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r

Url: https://github.com/pimcore/web2print-tools/pull/108

Url: https://github.com/pimcore/web2print-tools/releases/tag/v5.2.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-23496

Url: https://github.com/pimcore/web2print-tools/releases/tag/v6.1.1

Url: https://github.com/pimcore/pimcore

Url: https://www.mend.io/vulnerability-database/CVE-2026-23496

Severity Score

5.4

Weakness Type (CWE)

Improper Access Control

CWE-284

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version https://github.com/pimcore/web2print-tools.git - v5.2.2;https://github.com/pimcore/web2print-tools.git - v6.1.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-23496

Good to know:

Date: January 15, 2026

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?