Home / Vulnerability Intelligence / CVE-2026-28373

CVE-2026-28373 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: April 3, 2026

Stackfield Desktop App - Path Traversal

Published: April 3, 2026Updated: April 3, 2026Remote Exploitable

Overview

Stackfield Desktop App < 1.10.2 for macOS and Windows contains a path traversal caused by improper handling of the filePath property in decryption functionality, letting attackers write arbitrary files on victim's filesystem, exploit requires crafted malicious export.

Severity & Score

Severity: Critical

CVSS Score: 9.6

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can write arbitrary files to any path on the victim's filesystem, potentially leading to system compromise or data tampering.

Mitigation

Update to version 1.10.2 or later.

References

Social Media Activity(1 post)

/r/netsec

@_r_netsec

Mar 25, 2026

Stackfield Desktop App: RCE via Path Traversal and Arbitrary File Write (CVE-2026-28373) https://www.rcesecurity.com/2026/03/stackfield-desktop-app-rce-via-path-traversal-and-arbitrary-file-write-cve-2026-28373/

View original post

Related Resources

Details

CVE ID: CVE-2026-28373
Severity: Critical
CVSS Score: 9.6
Type: path_traversal
Status: new
EPSS: 0.0%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days