Description

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated with any submission. The problem was patched in commit ceacd5f1476458792c44c6a993670f02c984b4a0.

INFO

Published Date :

2026-01-19T18:08:41.100Z

Last Modified :

2026-01-20T21:40:57.565Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23878 vulnerability.

Vendors Products
Hotcrp
  • Hotcrp
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23878.

URL Resource
https://github.com/kohler/hotcrp/commit/aa20ef288828b04550950cf67c831af8a525f508 cve-icon cve-icon
https://github.com/kohler/hotcrp/commit/ceacd5f1476458792c44c6a993670f02c984b4a0 cve-icon cve-icon
https://github.com/kohler/hotcrp/security/advisories/GHSA-vh3x-xwj4-jvqx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact