{"id":"PYSEC-2026-623","summary":"Cobbler Arbitrary File Read","details":"A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation.","aliases":["CVE-2016-9605","GHSA-4vc9-4xpq-77vm"],"modified":"2026-07-06T08:00:10.408680218Z","published":"2026-07-02T14:13:24.191314Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9605"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9605"},{"type":"PACKAGE","url":"https://github.com/cobbler/cobbler"},{"type":"PACKAGE","url":"https://pypi.org/project/cobbler"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4vc9-4xpq-77vm"}],"affected":[{"package":{"name":"cobbler","ecosystem":"PyPI","purl":"pkg:pypi/cobbler"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.6.11-1"}]}],"versions":["0.6.3-2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/cobbler/PYSEC-2026-623.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}