CVE-2026-33686 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 26, 2026
Sharp - Path Traversal
Overview
Sharp < 9.20.0 contains a path traversal caused by improper sanitization of file extensions in FileUtil class, letting attackers access arbitrary file paths, exploit requires crafted file names with path separators.
Severity & Score
Impact
Attackers can access or manipulate arbitrary files on the system, potentially leading to data exposure or system compromise.
Mitigation
Upgrade to version 9.20.0 or later.
References
Social Media Activity(2 posts)
š CVE-2026-33686 - High (8.8) Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be... š https://www.thehackerwire.com/vulnerability/CVE-2026-33686/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-33686 - High (8.8) Sharp is a content management framework built for Laravel as a package. Versions prior to 9.20.0 have a path traversal vulnerability in the FileUtil class. The application fails to sanitize file extensions properly, allowing path separators to be... š https://www.thehackerwire.com/vulnerability/CVE-2026-33686/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-33686
- Severity
- High
- CVSS Score
- 8.8
- Type
- path_traversal
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H