← Back

Wimi Teamwork

wimi-teamwork

Vendor: Wimi Teamwork • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-35023
1Wimi Teamwork
1Wimi Teamwork
Jun 2, 2026
Apr 8, 2026
5.3 MEDIUM· v4
4.3 MEDIUM· v3
N/A· v2
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumera...Show more
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image previews from other users' private or group conversations, resulting in unauthorized disclosure of sensitive information.Show less