CVE-2026-1616 HIGH

CVE-2026-1616: osim: Path Traversal via query parameters in Nginx configuration

Vendor Red Hat

Product osim

Weakness CWE-22 · Path traversal

Published January 29, 2026

Last update January 29, 2026

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

Description

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.

Key dates

Disclosure timeline

January 29, 2026 CVE published

January 29, 2026 Record updated