{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23989", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-19T18:49:20.657Z", "datePublished": "2026-02-06T18:28:25.075Z", "dateUpdated": "2026-02-06T18:52:19.409Z"}, "containers": {"cna": {"title": "REVA Public Link Exploit", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/opencloud-eu/reva/security/advisories/GHSA-9j2f-3rj3-wgpg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/opencloud-eu/reva/security/advisories/GHSA-9j2f-3rj3-wgpg"}, {"name": "https://github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36ae1", "tags": ["x_refsource_MISC"], "url": "https://github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36ae1"}], "affected": [{"vendor": "opencloud-eu", "product": "reva", "versions": [{"version": "< 2.40.3", "status": "affected"}, {"version": ">= 2.41.0, < 2.42.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T18:28:25.075Z"}, "descriptions": [{"lang": "en", "value": "REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the \"Reva\" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the \"archiver\" service this can be leveraged to create an archive (zip or tar-file) containing all resources that this creator of the public link has access to. This vulnerability is fixed in 2.42.3 and 2.40.3."}], "source": {"advisory": "GHSA-9j2f-3rj3-wgpg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T18:51:52.147279Z", "id": "CVE-2026-23989", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T18:52:19.409Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23989", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T18:51:52.147279Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T18:52:10.574Z"}}], "cna": {"title": "REVA Public Link Exploit", "source": {"advisory": "GHSA-9j2f-3rj3-wgpg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "opencloud-eu", "product": "reva", "versions": [{"status": "affected", "version": "< 2.40.3"}, {"status": "affected", "version": ">= 2.41.0, < 2.42.3"}]}], "references": [{"url": "https://github.com/opencloud-eu/reva/security/advisories/GHSA-9j2f-3rj3-wgpg", "name": "https://github.com/opencloud-eu/reva/security/advisories/GHSA-9j2f-3rj3-wgpg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36ae1", "name": "https://github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36ae1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the \"Reva\" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the \"archiver\" service this can be leveraged to create an archive (zip or tar-file) containing all resources that this creator of the public link has access to. This vulnerability is fixed in 2.42.3 and 2.40.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T18:28:25.075Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23989", "state": "PUBLISHED", "dateUpdated": "2026-02-06T18:52:19.409Z", "dateReserved": "2026-01-19T18:49:20.657Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T18:28:25.075Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:heinlein:opencloud_reva:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F5764DF-7B45-4D7D-93E2-82C09B09EE57", "versionEndExcluding": "2.40.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:heinlein:opencloud_reva:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BDFF093-EF44-4D55-8D49-B32725E6AAFF", "versionEndExcluding": "2.42.3", "versionStartIncluding": "2.41.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the \"Reva\" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the \"archiver\" service this can be leveraged to create an archive (zip or tar-file) containing all resources that this creator of the public link has access to. This vulnerability is fixed in 2.42.3 and 2.40.3."}], "id": "CVE-2026-23989", "lastModified": "2026-02-24T20:57:55.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-06T19:16:08.470", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36ae1"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/opencloud-eu/reva/security/advisories/GHSA-9j2f-3rj3-wgpg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:34:54.228771+00:00", "value": {"mitigation_remediation": ["Upgrade Reva to version 2.42.3 or 2.40.3 (or later) to apply the fixed authorization check in the GRPC middleware.", "If public link sharing is not essential, disable it to eliminate the attack surface.", "Monitor archive creation logs for unusual activity and ensure that only authorized users and services can invoke the archiver function."], "summary": {"action": "Apply Patch", "impact": "Authorization bypass that enables attackers to arbitrarily download all resources associated with a public link creator"}, "threat_synthesis": {"affected_systems": "The flaw affects the Reva interoperability platform from OpenCloud EU. Any deployment of Reva versions older than 2.42.3 or 2.40.3 that exposes public link functionality is vulnerable.", "description_and_impact": "A fault in the GRPC authorization middleware of the Reva component lets a malicious user skip the scope check that protects public links. By targeting the archiver service, an attacker can generate a zip or tar file that contains every file and resource the public link creator can access. This grants the attacker unrestricted read access to the link owner's data, allowing wide\u2011scale data exfiltration and exposure of confidential material.", "risk_and_exploitability": "The CVSS score of 8.2 signals a high severity, while the EPSS score of less than 1% indicates a very low current likelihood of exploitation. The vulnerability is not reported in the CISA KEV catalog, suggesting no known active exploitation. Exploit requires only an attacker to supply a valid public link ID to the archiver service; no elevated privileges are needed. Once triggered, the attacker can repeatedly request archives to harvest all data linked to the public link creator."}}}}, "created": "2026-02-09T10:49:55.922734+00:00", "updated": "2026-04-17T22:45:29.920681+00:00", "vendors": ["opencloud-eu", "opencloud-eu$PRODUCT$reva"]}