Description

Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitely lacking permissions for this feature was still able to successfully invoke the endpoint and modify or retrieve these configurations. This vulnerability is fixed in 5.2.2 and 6.1.1.

INFO

Published Date :

2026-01-15T16:58:39.431Z

Last Modified :

2026-01-15T18:26:33.948Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23496 vulnerability.

Vendors Products
Pimcore
  • Pimcore
  • Web2print Tools
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23496.

URL Resource
https://github.com/pimcore/pimcore/security/advisories/GHSA-4wg4-p27p-5q2r cve-icon cve-icon cve-icon
https://github.com/pimcore/web2print-tools/commit/7714452a04b9f9b077752784af4b8d0b05e464a1 cve-icon cve-icon
https://github.com/pimcore/web2print-tools/pull/108 cve-icon cve-icon
https://github.com/pimcore/web2print-tools/releases/tag/v5.2.2 cve-icon cve-icon
https://github.com/pimcore/web2print-tools/releases/tag/v6.1.1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact