
Vulnerability Details CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image previews from other users' private or group conversations, resulting in unauthorized disclosure of sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 7.6%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-35023

