2 matches found
CVE-2026-45704
Summary: Pimcore's CustomReports feature suffers an authorization bypass where report listing is inconsistently checked and the detail endpoints load reports by name. A low-privileged backend user with the reports permission can request a non-visible report (e.g., poc-secret-report) by name and r...
CVE-2026-45704 Pimcore: CustomReports Share Bypass
Pimcore is an Open Source Data & Experience Management Platform. Prior to 11.5.17 LTS and 12.3.6, CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint in bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php and...