Platform: php
Component: redaxo/source
Fixed in: 5.20.3, 5.20.2
CVE-2026-21857 describes a Path Traversal vulnerability discovered in the Redaxo CMS Backup addon. This flaw allows authenticated users possessing backup permissions to read arbitrary files within the webroot. The vulnerability impacts versions of Redaxo CMS up to and including 5.20.1. A patch addressing this issue has been released in version 5.20.2.
An attacker exploiting this vulnerability can leverage the Backup addon's file export functionality to read sensitive files located anywhere within the webroot. This includes configuration files, database credentials, and potentially source code. Successful exploitation requires the attacker to be an authenticated user with backup permissions, which may be granted to administrators or other privileged users. The potential impact extends beyond simple information disclosure; an attacker could potentially modify or exfiltrate critical system files, leading to a complete compromise of the Redaxo CMS installation. This vulnerability shares similarities with other path traversal exploits where attackers bypass access controls to read restricted files.
CVE-2026-21857 was publicly disclosed on 2026-01-05. No KEV listing is currently available. Public proof-of-concept (PoC) code is not yet widely available, but the vulnerability's nature suggests that PoCs are likely to emerge. The vulnerability's impact is considered moderate due to the requirement for authenticated access with specific permissions.
Organizations using Redaxo CMS with the Backup addon enabled, particularly those with multiple administrators or users granted backup permissions, are at risk. Shared hosting environments where multiple users share the same Redaxo CMS installation are also particularly vulnerable, as an attacker could potentially compromise another user's account to exploit this vulnerability.
• php / server:
  grep -r 'EXPDIR=' /var/www/redaxo/source/addons/backup/index.php
• php / server:
  journalctl -u php-fpm -f | grep "EXPDIR="
• generic web:
  Inspect web server access logs for requests containing unusual paths in the EXPDIR parameter, such as ../ or absolute paths.
disclosure
Exploit status
EPSS
0.03% (7th percentile)
CISA SSVC
The primary mitigation for CVE-2026-21857 is to immediately upgrade Redaxo CMS to version 5.20.2 or later. If upgrading is not immediately feasible, consider restricting access to the Backup addon's file export functionality to only trusted administrators. Implement strict access controls to limit the number of users with backup permissions. Web application firewalls (WAFs) can be configured to detect and block requests containing suspicious path traversal patterns in the EXPDIR parameter. Monitor web server access logs for unusual file access attempts, particularly those targeting files outside of the expected backup directory.
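As an added detection example (not part of this advisory and not Redaxo's own code), the following Python script applies the log-monitoring advice from the detection and mitigation sections above to web-server access logs: it parses combined-format lines, extracts the EXPDIR parameter named on this page, and flags values that resolve to a parent-directory segment, an absolute path or a null byte after percent-decoding, so single- and double-encoded forms and backslash variants are caught as well. The log lines are constructed for the demo, and the script assumes the parameter travels in the query string; a POST body would not appear in access logs and would need PHP-FPM or application-level logging instead.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# Only the request target matters here; the parameter name EXPDIR comes from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jan/2026:10:01:02 +0000] "GET /redaxo/index.php?page=backup/export&EXPDIR=backup HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Jan/2026:10:02:15 +0000] "GET /redaxo/index.php?page=backup/export&EXPDIR=../../../ HTTP/1.1" 200 2048 "-" "curl/8.0"
10.0.0.9 - - [05/Jan/2026:10:02:40 +0000] "GET /redaxo/index.php?page=backup/export&EXPDIR=%2e%2e%2f%2e%2e%2fconfig HTTP/1.1" 200 1024 "-" "curl/8.0"
10.0.0.12 - - [05/Jan/2026:10:03:01 +0000] "GET /redaxo/index.php?page=backup/export&EXPDIR=/var/www/html HTTP/1.1" 403 0 "-" "python-requests/2.31"
10.0.0.7 - - [05/Jan/2026:10:04:11 +0000] "GET /redaxo/index.php?page=content HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Jan/2026:10:05:30 +0000] "GET /redaxo/index.php?page=backup/export&EXPDIR=..%5C..%5Cdata HTTP/1.1" 200 768 "-" "curl/8.0"
10.0.0.5 - - [05/Jan/2026:10:06:00 +0000] "GET /redaxo/index.php?page=backup/export&EXPDIR=backup..old HTTP/1.1" 200 256 "-" "Mozilla/5.0"
"""

# Combined-format prefix: client IP, ident, user, [timestamp], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(value: str) -> str:
    """Collapse encoding tricks so the traversal check sees the same text the server would.

    Percent-decoding is applied twice so double-encoded input (%252e) ends up as a plain dot,
    and backslashes are folded to slashes so "..\\" is treated like "../".
    """
    decoded = unquote(unquote(value))
    return decoded.replace("\\", "/")


def classify_expdir(raw_value: str):
    """Return a short reason if the value looks like traversal, or None if it looks benign."""
    value = normalize(raw_value)
    if "\x00" in value:
        return "null byte"
    if value.startswith("/"):
        return "absolute path"
    # Segment-based check: "backup..old" is a legitimate name, ".." as a whole segment is not.
    if any(segment == ".." for segment in value.split("/")):
        return "parent-directory segment"
    return None


def find_traversal_requests(log_lines, param="EXPDIR"):
    """Scan access-log lines and return one record per suspicious value of `param`."""
    hits = []
    for line in log_lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a combined-format line; skip rather than guess
        query = urlsplit(match.group("target")).query
        # parse_qs percent-decodes once; normalize() handles the remaining layers.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            reason = classify_expdir(value)
            if reason is not None:
                hits.append({
                    "ip": match.group("ip"),
                    "timestamp": match.group("ts"),
                    "status": int(match.group("status")),
                    "value": value,
                    "reason": reason,
                })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG.splitlines()):
        print(f"{hit['timestamp']} {hit['ip']} status={hit['status']} "
              f"{hit['reason']}: EXPDIR={hit['value']!r}")
```

A 200 response next to a flagged value is the line to investigate first, since a 403 suggests the request was already blocked (for example by a WAF rule of the kind the mitigation section describes). Feeding the function real logs is a matter of passing an open file instead of `SAMPLE_LOG.splitlines()`.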
Update Redaxo to version 5.20.2 or later. This version fixes the path traversal vulnerability in the Backup addon. The update can be performed through the Redaxo administration panel or by downloading the latest version from the official website.
CVE-2026-21857 is a Path Traversal vulnerability affecting Redaxo CMS versions 5.20.1 and earlier, allowing authenticated users to read arbitrary files.
You are affected if you are running Redaxo CMS version 5.20.1 or earlier and have the Backup addon enabled.
Upgrade Redaxo CMS to version 5.20.2 or later to resolve this vulnerability. Restrict access to the Backup addon if immediate upgrade isn't possible.
While no active exploitation has been confirmed, the vulnerability's nature suggests it is likely to be targeted.
Refer to the official Redaxo security advisory for detailed information and updates: [https://redaxo.com/security/](https://redaxo.com/security/)