Vulnerabilities

CVE-2026-5027

by Fred · 27/03/2026

The ‘POST /api/v2/files’ endpoint does not sanitize the ‘filename’ parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences (‘../’).

More information : https://www.tenable.com/security/research/tra-2026-26

Similar

Tags: Cybersecurity Alert