Cyber Resilience

CVE-2026-3266
Severity: High
Published: 03 March 2026
Modified: 05 March 2026
KEV Added: not listed
CVSS v4.0 score: 8.3
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:I/V:D/RE:M/U:Red
EPSS score: 0.0034 (26.0th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-3266 is a high-severity Missing Authorization (CWE-862) vulnerability in OpenText Filr. Its CVSS v4.0 base score is 8.3 (High); the CVSS v3.1 vector reported for it scores 9.8 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 26.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The mitigations our analysis ranked highest are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-3266 is a missing authorization vulnerability (CWE-862) in OpenText™ Filr that results in an authentication bypass: an unauthenticated client can obtain an XSRF token and then issue RPC calls with a purpose-built client. The vendor's advisory text lists the affected versions as Filr through 25.1.2, while the affected-assets entry on this page shows ≤ 25.1.3; confirm the exact fixed version against the vendor advisory before closing a ticket. The CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H scores 9.8 (Critical): network-reachable, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity and availability. Note that the CVSS v4.0 vector on this page rates attack complexity high with attack requirements present (AC:H/AT:P), which is why the v4 score is the lower 8.3; for prioritisation, treat the v3.1 figure as the worst case.

Exploitation is remote over the network and requires neither privileges nor user interaction. The XSRF token is a cross-site request forgery defence, not an authentication credential, yet it is issued without an authorization check, so an unauthenticated caller can pass the RPC layer's token check and invoke RPC methods directly. Depending on which methods are reachable, the outcome is unauthorized access to Filr data, data manipulation, or disruption of the Filr service.

The vendor advisory at https://portal.microfocus.com/s/article/KM000045579?language=en_US (Filr advisories are still published on the Micro Focus portal following the OpenText acquisition) gives the fixed versions and any interim workarounds. Apply the update to Internet-facing Filr instances first; until it is applied, limiting network exposure of the Filr front end is the practical interim control (AC-14).
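The missing check described above, as an added illustration that is not OpenText's code and does not reproduce Filr's endpoints: a hypothetical RPC front end with a token endpoint and an RPC dispatcher. The vulnerable handler mirrors the advisory's description (the XSRF check is present, the authorization check is not, so an unauthenticated caller can fetch a token and then call RPC); the hardened handler enforces a session before the token is issued and before any RPC is dispatched, which is what the AC-3 and AC-14 controls named in the summary amount to in code. The paths /xsrf-token and /rpc, the listFiles method, the session store and the HMAC secret are all constructed for this example.

```python
"""CWE-862 pattern: XSRF token issued and RPC dispatched without an
authorization check, beside the hardened form.  Hypothetical code,
not OpenText Filr; endpoints, method names and data are constructed."""
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed session store (session id -> user); not Filr's session model.
SESSIONS = {"sess-alice": "alice"}
# Server-side HMAC key for XSRF tokens; constructed for the example.
SECRET = b"constructed-demo-secret"


@dataclass
class Request:
    path: str
    method: str = "GET"
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


def _session_user(req):
    """Authenticated user for the request's session cookie, or None."""
    sid = req.headers.get("Cookie", "").removeprefix("session=")
    return SESSIONS.get(sid)


def _mint_token(subject):
    """XSRF token = nonce.HMAC(secret, subject:nonce); bound to one subject."""
    nonce = secrets.token_hex(8)
    mac = hmac.new(SECRET, f"{subject}:{nonce}".encode(), "sha256").hexdigest()
    return f"{nonce}.{mac}"


def _token_valid(subject, token):
    """Constant-time check that the token was minted for this subject."""
    nonce, _, mac = token.partition(".")
    expected = hmac.new(SECRET, f"{subject}:{nonce}".encode(), "sha256").hexdigest()
    return hmac.compare_digest(mac, expected)


def rpc_list_files(user):
    """Stand-in for a privileged RPC method; file names are constructed data."""
    return {"user": user, "files": ["q1-report.docx", "payroll.xlsx"]}


RPC_METHODS = {"listFiles": rpc_list_files}


def handle_vulnerable(req):
    """CWE-862: the XSRF check exists, the authorization check does not.
    Anyone can fetch a token for the 'anonymous' subject and then satisfy
    the XSRF check on /rpc without ever having logged in."""
    subject = _session_user(req) or "anonymous"
    if req.path == "/xsrf-token":
        return 200, {"token": _mint_token(subject)}
    if req.path == "/rpc" and req.method == "POST":
        if not _token_valid(subject, req.headers.get("X-XSRF-Token", "")):
            return 403, {"error": "bad xsrf token"}
        method = RPC_METHODS.get(req.body.get("method"))
        if method is None:
            return 400, {"error": "unknown method"}
        return 200, method(subject)
    return 404, {}


def handle_hardened(req):
    """AC-14: nothing but a 401 is available without a session.
    AC-3: RPC is dispatched only for an authenticated user, and the XSRF
    token is bound to that user rather than to 'anonymous'."""
    user = _session_user(req)
    if user is None:
        return 401, {"error": "authentication required"}
    if req.path == "/xsrf-token":
        return 200, {"token": _mint_token(user)}
    if req.path == "/rpc" and req.method == "POST":
        if not _token_valid(user, req.headers.get("X-XSRF-Token", "")):
            return 403, {"error": "bad xsrf token"}
        method = RPC_METHODS.get(req.body.get("method"))
        if method is None:
            return 400, {"error": "unknown method"}
        return 200, method(user)
    return 404, {}


def token_then_rpc(handler, session_id=None):
    """Replay the advisory's two-step sequence (get token, then RPC) and
    return the final HTTP status the handler produced."""
    headers = {"Cookie": f"session={session_id}"} if session_id else {}
    status, body = handler(Request("/xsrf-token", headers=headers))
    if status != 200:
        return status
    headers["X-XSRF-Token"] = body["token"]
    status, _ = handler(Request("/rpc", "POST", headers, {"method": "listFiles"}))
    return status


if __name__ == "__main__":
    print("vulnerable, no session:", token_then_rpc(handle_vulnerable))              # 200
    print("hardened,   no session:", token_then_rpc(handle_hardened))                # 401
    print("hardened,   alice:     ", token_then_rpc(handle_hardened, "sess-alice"))  # 200
```

The design point is where the session check sits: in the hardened handler it runs before any route is matched, so the token endpoint cannot become an unauthenticated oracle, and the token is bound to the authenticated user so a token minted for one subject cannot be replayed as another. A per-route check that only some handlers remember to call is exactly how the vulnerable shape arises.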

Vulnerability details

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2.

CWE(s)

CWE-862 Missing Authorization

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a missing authorization flaw in a public-facing web application (OpenText Filr) that enables unauthenticated remote exploitation via crafted RPC calls, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-69311 (shared CWE-862)
CVE-2026-45438 (shared CWE-862)
CVE-2025-23477 (shared CWE-862)
CVE-2025-68834 (shared CWE-862)
CVE-2026-22663 (shared CWE-862)
CVE-2024-12544 (shared CWE-862)
CVE-2024-50967 (shared CWE-862)
CVE-2025-68059 (shared CWE-862)
CVE-2025-14070 (shared CWE-862)
CVE-2026-32498 (shared CWE-862)

Affected Assets

OpenText Filr, versions ≤ 25.1.3

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Enforces approved authorizations for access to system resources, directly preventing unauthenticated bypass via missing authorization checks on the XSRF token and RPC endpoints.

AC-14 Permitted Actions Without Identification or Authentication (prevent)

Limits and enforces the specific actions allowable without identification or authentication, so that sensitive functions such as XSRF token retrieval and RPC are not exposed to unauthenticated users.

SI-2 Flaw Remediation (prevent)

Requires identification, reporting, and correction of system flaws such as this missing authorization vulnerability, which is to say applying the vendor patch that removes the authentication bypass.
