CVE-2026-28808

high

Red Hat

CVSS v3 Base Score

7.4

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

None

Published: April 7, 2026 (37 days ago)

Last Modified: April 7, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in Erlang OTP (inets modules). A remote unauthenticated attacker could exploit an incorrect authorization vulnerability when CGI (Common Gateway Interface) scripts are served via script_alias. This vulnerability arises from a path mismatch where access controls are evaluated against a different path than the script's execution path. This allows unauthorized access to CGI scripts intended to be protected by directory rules, potentially leading to information disclosure or the execution of unauthorized scripts.

CWE

CWE-551

Affected Products

Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 cna.erlef.org 🔗 github.com

CVE-2026-28808

Vulnerability Report

Description

CWE

Affected Products

References