{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1616", "assignerOrgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "state": "PUBLISHED", "assignerShortName": "redhat-cnalr", "dateReserved": "2026-01-29T13:25:57.791Z", "datePublished": "2026-01-29T13:38:35.932Z", "dateUpdated": "2026-01-29T16:44:01.819Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/RedHatProductSecurity/osim", "defaultStatus": "unaffected", "packageName": "osim", "product": "osim", "repo": "https://github.com/RedHatProductSecurity/osim", "vendor": "Red Hat", "versions": [{"lessThan": "v2025.9.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Moritz Oehrlein (m1tz)"}], "datePublic": "2025-09-02T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.</p>"}], "value": "The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "shortName": "redhat-cnalr", "dateUpdated": "2026-01-29T13:38:35.932Z"}, "references": [{"url": "https://github.com/RedHatProductSecurity/osim/pull/615"}], "source": {"discovery": "UNKNOWN"}, "title": "osim: Path Traversal via query parameters in Nginx configuration", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-29T15:56:24.185454Z", "id": "CVE-2026-1616", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T16:44:01.819Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1616", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-29T15:56:24.185454Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T15:56:27.067Z"}}], "cna": {"title": "osim: Path Traversal via query parameters in Nginx configuration", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Moritz Oehrlein (m1tz)"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/RedHatProductSecurity/osim", "vendor": "Red Hat", "product": "osim", "versions": [{"status": "affected", "version": "0", "lessThan": "v2025.9.0", "versionType": "custom"}], "packageName": "osim", "collectionURL": "https://github.com/RedHatProductSecurity/osim", "defaultStatus": "unaffected"}], "datePublic": "2025-09-02T13:00:00.000Z", "references": [{"url": "https://github.com/RedHatProductSecurity/osim/pull/615"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.", "supportingMedia": [{"type": "text/html", "value": "<p>The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "shortName": "redhat-cnalr", "dateUpdated": "2026-01-29T13:38:35.932Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1616", "state": "PUBLISHED", "dateUpdated": "2026-01-29T16:44:01.819Z", "dateReserved": "2026-01-29T13:25:57.791Z", "assignerOrgId": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "datePublished": "2026-01-29T13:38:35.932Z", "assignerShortName": "redhat-cnalr"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:open_security_issue_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "891D63F8-6798-45A9-9967-84E124DCAEFD", "versionEndExcluding": "2025.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters."}, {"lang": "es", "value": "La concatenaci\u00f3n de $uri$args en el archivo de configuraci\u00f3n de nginx presente en Open Security Issue Management (OSIM) anterior a la v2025.9.0 permite ataques de salto de ruta a trav\u00e9s de par\u00e1metros de consulta."}], "id": "CVE-2026-1616", "lastModified": "2026-03-10T17:45:05.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-29T14:16:13.457", "references": [{"source": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/RedHatProductSecurity/osim/pull/615"}], "sourceIdentifier": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:35:12.308701+00:00", "value": {"mitigation_remediation": ["Upgrade OSIM to version 2025.9.0 or later, which removes the vulnerable $uri$args concatenation.", "If upgrading is not immediately possible, modify the Nginx configuration to eliminate or sanitize the $uri$args concatenation, ensuring that query parameters cannot influence filesystem paths.", "Restrict access to the OSIM instance by requiring authentication and by applying path\u2011based access controls to limit exposure of sensitive directories."], "summary": {"action": "Apply Patch", "impact": "Directory Traversal \u2013 Potential Local File Access"}, "threat_synthesis": {"affected_systems": "Red Hat Open Security Issue Management (OSIM) versions earlier than 2025.9.0 are affected. Users of these releases should verify their installed version against the stated cutoff.", "description_and_impact": "The vulnerability arises from the concatenation of the $uri and $args variables in the Nginx configuration file of Open Security Issue Management (OSIM). This concatenation allows an attacker to craft query parameters that traverse directory boundaries, leading to a directory traversal flaw (CWE-22). The flaw can enable access to arbitrary files on the filesystem, potentially exposing sensitive data or configuration files.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, yet the EPSS score is reported as less than 1%, suggesting a low probability of exploitation in the short term. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, involving HTTP requests that supply crafted query parameters to the Nginx server. Successful exploitation would require the attacker to reach the OSIM instance and supply the malicious parameters, after which the server may serve files outside the intended directory scope."}}}}, "created": "2026-01-30T08:43:00.175239+00:00", "updated": "2026-04-18T14:45:03.122125+00:00", "vendors": ["redhat", "redhat$PRODUCT$osim"]}