ZDI 2026-06-11

ZDI-26-357: Allegra exportReport Directory Traversal Information Disclosure Vulnerability

CVE-2026-11442

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires authentication and could allow remote information disclosure via a directory traversal in the exportReport functionality.

Context

The affected product is Allegra, specifically its exportReport functionality. The vulnerability is a directory traversal that enables information disclosure. Authentication is required to exploit the vulnerability, as noted in the advisory. The ZDI has assigned a CVSS rating of 6.5, indicating a medium severity impact.

Operator considerations

Check: Verify if Allegra instances are running the affected version with the exportReport feature enabled.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-11442.

Read the full advisory on ZDI →