CVE-2026-5027 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 27, 2026
Application - Path Traversal
Published: March 27, 2026 | Updated: March 27, 2026 | Remote Exploitable
Overview
The application contains a path traversal vulnerability caused by an unsanitized 'filename' parameter in the multipart form data of 'POST /api/v2/files'. This lets attackers write files to arbitrary filesystem locations. Exploitation requires a crafted request.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can write files to arbitrary locations, potentially leading to system compromise or data tampering.
Mitigation
Sanitize the 'filename' parameter to prevent path traversal or update to the latest secure version.
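One way to apply the sanitization above, as an added example that is not the affected application's code: the client-supplied 'filename' is rejected if it carries separators or dot segments, and the resolved path is checked for containment in the upload directory. The names `resolve_upload_path`, `UnsafeFilename` and `check_samples` are hypothetical, and the sample filenames are constructed.

```python
import os
import tempfile


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename could escape the upload root."""


def resolve_upload_path(upload_root: str, filename: str) -> str:
    """Return an absolute path inside upload_root for filename, or raise."""
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty name or NUL byte")
    # Reject both separator styles regardless of host OS: the value comes
    # from the multipart Content-Disposition header, not the local filesystem.
    if "/" in filename or "\\" in filename:
        raise UnsafeFilename("path separator in filename")
    if filename in (".", ".."):
        raise UnsafeFilename("dot segment")
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, filename))
    # Containment check after symlink resolution: a pre-existing symlink in
    # the upload directory must not redirect the write elsewhere.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeFilename("resolved path leaves upload root")
    return candidate


def check_samples() -> dict:
    """Run constructed sample filenames through the resolver."""
    samples = ["report.pdf", "../../outside.txt", "..\\..\\outside.txt",
               "/tmp/outside.txt", "..", "a\x00.txt", ""]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name in samples:
            try:
                resolve_upload_path(root, name)
                results[name] = "accepted"
            except UnsafeFilename as exc:
                results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, verdict in check_samples().items():
        print(f"{name!r:28} {verdict}")
```

Rejecting the request outright, rather than silently stripping the directory part, also leaves a clear signal in application logs when a traversal attempt is made.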
Details
- CVE ID: CVE-2026-5027
- Severity: High
- CVSS Score: 8.8
- Type: path_traversal
- Status: new
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H