The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
Loading...
Loading...
This critical-severity CVE scores 10.0 under NVD CVSS v3. EPSS exploit probability: 1.8%, top 17% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
February 3, 2016
May 6, 2026
Fix landed in Unrud/Radicale commit bcaf452e516c — awaiting tagged release
https://github.com/Unrud/Radicale/commit/bcaf452e516c02c9bed584a73736431c5e8831f1Fix merged in Kozea/Radicale PR #343 on 2015-12-24 — awaiting tagged release
https://github.com/Kozea/Radicale/pull/343| Package | Vulnerable range | Fixed in | Dependents |
|---|---|---|---|
| radicale | 0.10 ... 1.0.1 (18 versions) | 1.1 | — |
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
See which npm, PyPI, Go, and Maven packages are affected by CVE-2015-8747
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.