CVE-2026-58451

Publication date 2 July 2026

Last updated 2 July 2026


Ubuntu priority

Cvss 3 Severity Score

6.5 · Medium

Score breakdown

Description

Horde IMP before 7.0.1 contains a path traversal vulnerability in lib/Compose.php that allows authenticated attackers to read arbitrary files from the server filesystem by embedding traversal sequences after a CKEditor path prefix in img src URLs. Attackers can bypass the stripos() prefix validation by appending sequences such as traversal segments after the matching prefix, causing file_get_contents() to read sensitive files whose contents are then exfiltrated as MIME parts in outgoing email; unauthenticated exploitation is also achievable via CSRF against an active authenticated session.

Status

Package Ubuntu Release Status
php-horde-imp 26.04 LTS resolute Not in release
25.10 questing Not in release
24.04 LTS noble Not in release
22.04 LTS jammy Not in release
18.04 LTS bionic
Needs evaluation

Severity score breakdown

CVSS version:

Base score 7.1 · High

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Base score 6.5 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N


Access our resources on patching vulnerabilities