CVE-2026-23878

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated with any submission. The problem was patched in commit ceacd5f1476458792c44c6a993670f02c984b4a0.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/kohler/hotcrp/commit/aa20ef288828b04550950cf67c831af8a525f508	Patch
https://github.com/kohler/hotcrp/commit/ceacd5f1476458792c44c6a993670f02c984b4a0	Patch
https://github.com/kohler/hotcrp/security/advisories/GHSA-vh3x-xwj4-jvqx	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hotcrp:hotcrp:3.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-01-19 19:16

Updated : 2026-02-05 18:39

NVD link : CVE-2026-23878

Mitre link : CVE-2026-23878

CVE.ORG link : CVE-2026-23878

JSON object : View

Products Affected

hotcrp

hotcrp

CWE

CWE-201

Insertion of Sensitive Information Into Sent Data

{"id": "CVE-2026-23878", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-01-19T19:16:04.963", "references": [{"url": "https://github.com/kohler/hotcrp/commit/aa20ef288828b04550950cf67c831af8a525f508", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/kohler/hotcrp/commit/ceacd5f1476458792c44c6a993670f02c984b4a0", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/kohler/hotcrp/security/advisories/GHSA-vh3x-xwj4-jvqx", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-201"}]}], "descriptions": [{"lang": "en", "value": "HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated with any submission. The problem was patched in commit ceacd5f1476458792c44c6a993670f02c984b4a0."}, {"lang": "es", "value": "HotCRP es un software de revisi\u00f3n de conferencias. A partir del commit aa20ef288828b04550950cf67c831af8a525f508 y antes del commit ceacd5f1476458792c44c6a993670f02c984b4a0, los autores con al menos una entrega en un sitio de HotCRP pod\u00edan usar la API de documentos para descargar cualquier documento (PDFs, adjuntos) asociado con cualquier entrega. El problema fue parcheado en el commit ceacd5f1476458792c44c6a993670f02c984b4a0."}], "lastModified": "2026-02-05T18:39:14.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hotcrp:hotcrp:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C49A46B9-6C68-43E5-9B50-3C271E236CDE"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}