Vulnerability Database

322,905

Total vulnerabilities in the database

CVE-2026-23493

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through the Pimcore backend. This vulnerability is fixed in 12.3.1 and 11.5.14.

Published: Jan 15, 2026
Updated: Jan 16, 2026
CVE: CVE-2026-23493
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
pimcore / pimcore	-	11.5.14
pimcore / pimcore	12.0.0	12.3.1

https://github.com/pimcore/pimcore/commit/002ec7d5f84973819236796e5b314703b58e8601
https://github.com/pimcore/pimcore/pull/18918
https://github.com/pimcore/pimcore/releases/tag/v11.5.14
https://github.com/pimcore/pimcore/releases/tag/v12.3.1
https://github.com/pimcore/pimcore/security/advisories/GHSA-q433-j342-rp9h

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo