CVE-2026-11407 | Pimcore CMS/DXP up to 12.3.8 checkMethodAllowed special elements used in a template engine

A vulnerability labeled as problematic has been found in Pimcore CMS and DXP up to 12.3.8. This affects the function checkMethodAllowed. Such manipulation leads to improper neutralization of special elements used in a template engine.

This vulnerability is documented as CVE-2026-11407. The attack can be executed remotely. There is not any exploit available.

It is advisable to implement a patch to correct this issue.VulDB Recent EntriesRead More