Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

References
Link Providers
https://portal.microfocus.com/s/article/KM000045579?language=en_US cve-icon cve-icon
History

Tue, 03 Mar 2026 22:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2.
Title Improper access control vulnerability has been discovered in OpenText™ Filr.
Weaknesses CWE-862
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:D/RE:M/U:Red'}
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenText

Published:

Updated: 2026-03-03T22:28:52.816Z

Reserved: 2026-02-26T14:50:44.358Z

Link: CVE-2026-3266

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-03T23:15:56.813

Modified: 2026-03-03T23:15:56.813

Link: CVE-2026-3266

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.