Home / Vulnerability Intelligence / CVE-2026-42564

CVE-2026-42564 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: May 11, 2026

jotty·page - Path Traversal

Published: May 11, 2026Updated: May 11, 2026Remote Exploitable

Overview

jotty·page < 1.22.0 contains a path traversal caused by lack of validation on filename parameter in /api/app-icons/[filename], letting unauthenticated attackers read arbitrary files outside intended directory.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Unauthenticated attackers can read arbitrary files outside the intended directory, potentially exposing sensitive data.

Mitigation

Update to version 1.22.0 or later.

References

https://github.com/fccview/jotty/security/advisories/GHSA-7843-gwq8-g96f

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-42564
Severity: High
CVSS Score: 8.2
Type: path_traversal
Status: new

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N