{"id":"CVE-2026-1616","details":"The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.","modified":"2026-03-14T01:59:57.747119Z","published":"2026-01-29T14:16:13.457Z","references":[{"type":"FIX","url":"https://github.com/RedHatProductSecurity/osim/pull/615"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/RedHatProductSecurity/osim","events":[{"introduced":"0"},{"fixed":"9b935be52893756d3d7e451b2011b95ca9a5876e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2025.9.0"}]}}],"versions":["v2023.11.0","v2023.7.0","v2024.10.0","v2024.11.0","v2024.11.1","v2024.12.0","v2024.12.1","v2024.6.0","v2024.6.1","v2024.6.2","v2024.7.0","v2024.7.1","v2024.7.2","v2024.7.3","v2024.8.0","v2024.9.2","v2025.2.0","v2025.3.0","v2025.3.1","v2025.3.2","v2025.4.0","v2025.4.0-hotfix","v2025.4.0-hotifx","v2025.6.0","v2025.7.0","v2025.7.1","v2025.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1616.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}