A vulnerability was found in xwiki xwiki-commons up to 16.10.16/17.4.8/17.10.2/18.0.x . It has been declared as critical . This affects an unknown function of the component Ssx/Jsx . The manipulation results in relative path traversal. This vulnerability is cataloged as CVE-2026-23734 . The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.