CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-23878

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated with any submission. The problem was patched in commit ceacd5f1476458792c44c6a993670f02c984b4a0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.0%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/kohler/hotcrp/commit/aa20ef288828b04550950cf67c831af8a525f508
https://github.com/kohler/hotcrp/commit/ceacd5f1476458792c44c6a993670f02c984b4a0
https://github.com/kohler/hotcrp/security/advisories/GHSA-vh3x-xwj4-jvqx

Products affected by CVE-2026-23878

Hotcrp » Hotcrp » Version: 3.1

cpe:2.3:a:hotcrp:hotcrp:3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23878

Products

Pricing

Contact Us