Incorrect Authorization Affecting pimcore/pimcore package, versions <12.3.7
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Incorrect Authorization vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PHP-PIMCOREPIMCORE-17112578
- published31 May 2026
- disclosed27 May 2026
- creditHuajiHD
Introduced: 27 May 2026
NewCVE-2026-45703 (opens in a new tab)How to fix?
Upgrade pimcore/pimcore to version 12.3.7 or higher.
Overview
pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce).
Affected versions of this package are vulnerable to Incorrect Authorization in the WordExport process. An attacker can access and export sensitive document content by exploiting insufficient object-level authorization checks, allowing retrieval of information from documents without the required view permission. This is only exploitable if the attacker is an authenticated backend user with the word_export permission but lacks view permission on the target document.