Description

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.

INFO

Published Date :

2026-01-15T16:38:23.923Z

Last Modified :

2026-01-15T19:02:08.517Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23493 vulnerability.

Vendors Products
Pimcore
  • Pimcore
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23493.

URL Resource
https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601 cve-icon cve-icon
https://github.com/pimcore/pimcore/pull/18918 cve-icon cve-icon
https://github.com/pimcore/pimcore/releases/tag/v11.5.14 cve-icon cve-icon
https://github.com/pimcore/pimcore/releases/tag/v12.3.1 cve-icon cve-icon
https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact