cvedb.io
CVE-2023-26429
LOW · CVSS 3.5
EPSS exploitation probability: 0%
Published 2023-06-20T08:15:09.230 · Last modified 2026-06-17T05:43:18.920

Summary

Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.

Affected products

open-xchange — open-xchange_appsuite_backend

Does this affect you?

Add your gear to cvedb and we'll alert you only when open-xchange ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.