CVE-2026-53698
medium
CVSS v3
6.5
CVSS v4
N/A
VIR risk
6.5
Description
Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set.
Predictions
Exploit likelihood
75%
Patch ETA
N/A
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
References
- https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L120-L122
- https://github.com/Silverpeas/Silverpeas-Core/blob/983c5d07928b8a5ddcb39cc17d7fb9a0d87019b9/core-war/src/main/java/org/silverpeas/web/servlets/FileServer.java#L150-L153
- https://github.com/Silverpeas/Silverpeas-Core/commit/caa6e6d1ac967ebd29b39e11c2ef5e7fd0047eec
- https://tracker.silverpeas.org/issues/15229
CWEs
CWE-36