Cyber Posture

CVE-2026-3266

Critical

Published: 03 March 2026
Modified: 05 March 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (37.1st percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to obtain an XSRF token and perform RPC calls with carefully crafted programs. This issue affects Filr: through 25.1.2.

Mitigating Controls (NIST 800-53 r5)

prevent: Enforces approved authorizations for access to system resources, directly preventing unauthenticated bypass via missing authorization checks on XSRF tokens and RPC endpoints.

prevent: Limits and enforces specific actions allowable without identification or authentication, mitigating exposure of sensitive functions like XSRF token retrieval and RPC to unauthenticated users.

prevent: Requires identification, reporting, and correction of system flaws such as this missing authorization vulnerability, enabling patching to eliminate the authentication bypass.

Security Summary

CVE-2026-3266 is a missing authorization vulnerability (CWE-862) in OpenText™ Filr that enables authentication bypass. The flaw allows unauthenticated users to obtain an XSRF token and perform RPC calls using carefully crafted programs. It affects Filr versions through 25.1.2 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network accessibility, low attack complexity, no privileges or user interaction required, and high impacts on confidentiality, integrity, and availability.

Unauthenticated attackers can exploit this vulnerability remotely over the network without privileges or user interaction. By obtaining an XSRF token and crafting RPC requests, they can bypass authentication controls, potentially leading to unauthorized access, data manipulation, or disruption of Filr services.

The Micro Focus security advisory at https://portal.microfocus.com/s/article/KM000045579?language=en_US provides further details on the issue, including recommended mitigations and patches for affected Filr versions. Security practitioners should consult this resource promptly to apply updates and implement workarounds.

Details

CWE(s)

CWE-862 Missing Authorization

Affected Products

opentext filr ≤ 25.1.3

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a missing authorization flaw in a public-facing web application (OpenText Filr) that enables unauthenticated remote exploitation via crafted RPC calls, directly mapping to T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

Micro Focus security advisory KM000045579: https://portal.microfocus.com/s/article/KM000045579?language=en_US