Project: 
Date: 
2026-June-24
Vulnerability: 
Access bypass
Affected versions: 
<4.2.0
CVE IDs: 
CVE-2026-13239
Description: 

The module adds support for the Mirador viewer in WissKI and enables annotations on images via the Mirador viewer.

The module does not sufficiently validate the parameters submitted via a route and writes them to the session object without further checks, which can lead to an access bypass.

This vulnerability is mitigated by the fact that it is specific to the wisski_mirador submodule.
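The pattern described above, next to a hardened form, as an added example in plain PHP that is not the WissKI code or its actual fix. The parameter names, the `mirador_example` session key, the access callback and the sample request are all assumptions, and an array stands in for the session object.

```php
<?php
declare(strict_types=1);

// Hypothetical parameter names; the advisory does not list the real ones.
const ALLOWED_PARAMS = [
    'entity_id' => '/^[1-9][0-9]{0,9}$/D',
    'canvas'    => '/^[A-Za-z0-9_-]{1,64}$/D',
];

/**
 * Pattern the advisory describes: every submitted parameter is copied
 * into the session with no validation.
 */
function storeUnchecked(array $params, array &$session): void
{
    foreach ($params as $key => $value) {
        $session[$key] = $value;
    }
}

/**
 * Hardened pattern: allowlist keys, validate each value, confirm access,
 * and write under a module-specific namespace only.
 *
 * @param callable(int):bool $canView Access check for the current user.
 */
function storeChecked(array $params, array &$session, callable $canView): bool
{
    $clean = [];
    foreach (ALLOWED_PARAMS as $key => $pattern) {
        if (!isset($params[$key]) || !is_string($params[$key])
            || preg_match($pattern, $params[$key]) !== 1) {
            return false; // missing or malformed: reject the whole request
        }
        $clean[$key] = $params[$key];
    }
    if (!$canView((int) $clean['entity_id'])) {
        return false; // current user may not view the referenced entity
    }
    $session['mirador_example'] = $clean; // unknown keys are never stored
    return true;
}

// Constructed sample request carrying one key the route never expected.
$request = ['entity_id' => '42', 'canvas' => 'page-1', 'unrelated_key' => 'x'];
$a = []; storeUnchecked($request, $a);
$b = []; $ok = storeChecked($request, $b, fn(int $id): bool => $id === 42);
var_dump(isset($a['unrelated_key']), $ok, isset($b['unrelated_key']));
```

In a Drupal module the access callback would typically wrap the entity access API, and the session would be the request's session object rather than an array.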

Solution: 

Install the latest version:

  • If you use the WissKI module version 8.x-4.1, upgrade to WissKI 8.x-4.2
Reported By: 
Fixed By: 
Coordinated By: