CVE-2026-3266 HIGH

CVE-2026-3266: Improper access control vulnerability has been discovered in OpenText™ Filr.

Vendor Opentext™

Product Filr

Weakness CWE-862 · Missing authorization

Published March 3, 2026

Last update March 4, 2026

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:D/RE:M/U:Red

What the vulnerability does

01Description

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2.

Key dates

02Disclosure timeline

March 3, 2026 CVE published

March 4, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-3266 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-30830 WordPress Cool Author Box plugin <= 2.9.9 - Broken Access Control vulnerability CVE-2025-64261 WordPress Appointment Booking Calendar plugin <= 1.3.95 - Broken Access Control vulnerability CVE-2024-8678 Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update CVE-2025-66113 WordPress Better Chat Support for Messenger plugin <= 1.2.18 - Broken Access Control vulnerability CVE-2024-1862 WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update