Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/04 7:29 p.m.9 views

Missing Authentication for Critical Function

Overview arelle-release is an An open source XBRL platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the plugins parameter in the /rest/configure endpoint, which is processed without authentication or authorization. An attacker can execu...

9.8CVSS6.2AI score0.00732EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 5:19 p.m.5 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/04 5:19 p.m.9 views

EUVD-2026-27079

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS6.5AI score0.00732EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/04 5:19 p.m.35 views

CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure

Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...

9.8CVSS0.00732EPSS
Exploits0References3
Rows per page
Query Builder