This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017.
Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 03 Jul 2026 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library). This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017. Users are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue. | |
| Title | Apache Lucene.Net: Unauthenticated arbitrary file read on the Lucene.Net.Replicator replication server | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2026-07-06T17:30:50.057Z
Reserved: 2026-05-20T14:21:24.921Z
Link: CVE-2026-47896
Updated: 2026-07-03T09:08:58.806Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T12:15:06Z