We have reproduced an Arbitrary File Read for an internal site of Skype for Business / MS Lync! CVE: CVE-2022-26911 Subdomains: dialin, meet, lyncdiscover, sip, ... Original advisory: https://lab.viettelcybersecurity.com/advisories/VCSA-97 The PoC 3.4K views15:37