CIVI-SA-2026-16: Path Traversal in Contact Importer

Opublikowane

2026-03-18 12:00

Written by

dev-team

Security Risk

Less Critical

Vulnerability

Other

Affected Versions

CiviCRM v6.12.0 and earlier

Fixed Versions

CiviCRM v6.12.1, v6.10.3 (ESR), and later

Publication Date

2026-03-18 - 12:00

Solutions

Any ONE of the following will mitigate the vulnerability:

Upgrade to a fixed version of CiviCRM, or...
Restrict permission import contacts to administrators

Credits

Lassi (lassitemp@proton.me), Seamus Lee (JMA Consulting), Coleman Watts (CiviCRM)

We are in the process of translating the civicrm.org website. Translations may not be available in all languages. Read more and participate.

© 2005 - 2025, CIVICRM LLC. All rights reserved.
CiviCRM and the CiviCRM logo are trademarks of CIVICRM LLC. Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.

[D10]

CIVI-SA-2026-16: Path Traversal in Contact Importer

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2026-16: Path Traversal in Contact Importer

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM