HomeCVE Intelligence › CVE-2026-34151
CVSS 7.5 HIGH Vulnerability

CVE-2026-34151: XWiki Platform Old Core: Resource path traversal via /skin/ action endpoint in Jetty 12+

Impact With Jetty 12+ a user can craft a URL to access any resource the Jetty instance is allowed to access. For example http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd a…

7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-34151
Vendormaven
Affected Productorg.xwiki.platform:xwiki-platform-oldcore
Vulnerability TypeVulnerability
CVSS Score7.5 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Impact With Jetty 12+ a user can craft a URL to access any resource the Jetty instance is allowed to access. For example http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd allows downloading the content of the /etc/passwd file, provided Jetty is allowed to read it, and if your XWiki webapp is located exactly 5 levels below / (like /var/lib/jetty/webapps/xwiki, which is the case in the docker image, for example). Another example which does not go out of the XWiki webapp, but it's still a vulnerability (since users should not be allowed to access Hibernate or XWiki configuration files) is http://[host]/xwiki/bin/skin/..%252f/..%252fWEB-INF/xwiki.cfg.

Patches This vulnerability has been patched in XWiki 17.10.5 and 18.2.0.

Work

🎯 Known Indicators of Compromise

{"type":"url","value":"http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd`","confidence_score":0.82,"first_seen":"2026-07-07","source_count":1} {"type":"url","value":"http://[host]/xwiki/bin/skin/..%252f/..%252fWEB-INF/xwiki.cfg`.","confidence_score":0.82,"first_seen":"2026-07-07","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-34151 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence