Efwgrp Efw4.x
4 CVEs affecting Efwgrp Efw4.x. Latest disclosed: 2026-05-12. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44260 | High | 8.1 | 2026-05-12 | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the <efw:elFinder> JSP tag is intended to prevent file modifications. Wh… |
| CVE-2026-44259 | Medium | 4.6 | 2026-05-12 | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without an… |
| CVE-2026-44258 | | | 2026-05-12 | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containm… |
| CVE-2026-44257 | | | 2026-05-12 | efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName())… |