LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-33166

CVE-2026-33166 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: March 20, 2026

Allure 2 - Path Traversal

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Allure 2 < 2.38.0 contains a path traversal caused by improper validation of attachment source paths in test result files, letting attackers read arbitrary files during report generation, exploit requires crafted malicious result files.

Severity & Score

Severity: High
CVSS Score: 8.6
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can read sensitive files on the host system, leading to information disclosure.

Mitigation

Upgrade to version 2.38.0 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33166 - High (8.6) Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33166/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33166 - High (8.6) Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33166/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33166 - High (8.6) Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33166/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Mar 20, 2026

šŸŸ  CVE-2026-33166 - High (8.6) Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-33166/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-33166
Severity
High
CVSS Score
8.6
Type
path_traversal
Status
new
EPSS
0.0%
Social Posts
4

CWE

  • CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS Score

0.0%Probability of exploitation in the next 30 days