Home

Description

An unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, resulting in exposure of sensitive information.

PUBLISHED Reserved 2026-02-11 | Published 2026-03-30 | Updated 2026-03-30 | Assigner CERTVDE




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-790 Improper Filtering of Special Elements

Product status

Default status
unaffected

0.0.0 (semver) before 1.2.2
affected

Default status
unaffected

0.0.0 (semver) before 2.4.2
affected

Credits

Marvin Ramsperger from SySS GmbH finder

References

certvde.com/de/advisories/VDE-2026-010

cve.org (CVE-2026-2328)

nvd.nist.gov (CVE-2026-2328)

Download JSON