CVE-2026-45704 | Pimcore up to 11.5.16/12.3.5 CustomReportsBundle CustomReportController.php report name improper authorization

SecurityVulns

A vulnerability was found in Pimcore up to 11.5.16/12.3.5. It has been rated as problematic. The impacted element is an unknown function of the file bundles/CustomReportsBundle/src/Controller/Reports/CustomReportController.php of the component CustomReportsBundle. The manipulation of the argument report name leads to improper authorization.

This vulnerability is referenced as CVE-2026-45704. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More