Home

Description

A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this vulnerability to write arbitrary files to restricted system directories outside of the application's intended directory.

PUBLISHED Reserved 2026-06-10 | Published 2026-07-14 | Updated 2026-07-14 | Assigner Rockwell




HIGH: 7.2CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

13.0.0 – 13.0.7, 13.1.0 – 13.1.5, 13.2.0 – 13.2.4, 14.0.0 – 14.0.2
affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1782.html

cve.org (CVE-2026-11917)

nvd.nist.gov (CVE-2026-11917)

Download JSON