CVE-2026-23620 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /…
Medium CVSS: 5.3

CVE-2026-23620

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist() web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON key \"path\", which is URL-decoded and passed to File.Exists(), allowing the attacker to determine whether arbitrary files exist on the server.
Vendor
Gfi
Product
Mailessentials
CWE
CWE-203
Yayın Tarihi
2026-02-19 18:24:57
Güncelleme
2026-02-20 17:22:08
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-203 Mailessentials MEDIUM Gfi 2026

Referanslar

https://gfi.ai/products-and-solutions/network-security-solutions/mailessentials/resources/documentation/product-releases https://www.vulncheck.com/advisories/gfi-mailessentials-ai-listserver-isdbexist-absolute-directory-traversal-to-file-enumeration