CVE-2026-35174 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: April 6, 2026
Chyrp Lite - Path Traversal
Published: April 6, 2026 | Updated: April 6, 2026 | Remote Exploitable
Overview
Chyrp Lite versions before 2026.01 contain a path traversal vulnerability caused by improper validation of the uploads path in the administration console. It lets administrators, or users with the Change Settings permission, read and overwrite arbitrary files. Exploitation requires the Change Settings permission.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Authorized users can read sensitive files and overwrite system files, potentially leading to remote code execution and full system compromise.
Mitigation
Update to version 2026.01 or later.
Details
- CVE ID: CVE-2026-35174
- Severity: Critical
- CVSS Score: 9.1
- Type: path_traversal
- Status: new
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H