Home / Vulnerability Intelligence / CVE-2026-41693

CVE-2026-41693 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: May 8, 2026

i18next-fs-backend - Path Traversal

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

i18next-fs-backend < 2.6.4 contains a path traversal caused by unencoded and unvalidated interpolation of lng and ns options in loadPath/addPath templates, letting attackers read or overwrite arbitrary files, exploit requires attacker to control lng or ns values.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Attackers can read or overwrite arbitrary files on the server, potentially leading to data disclosure or modification.

Mitigation

Upgrade to version 2.6.4 or later.

References

https://github.com/i18next/i18next-fs-backend/security/advisories/GHSA-8847-338w-5hcj

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41693
Severity: High
CVSS Score: 8.2
Type: path_traversal
Status: new

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N