< ciso
brief />
Tag Banner

All news with #path traversal tag

44 articles

CISA Adds Four Newly Exploited Vulnerabilities

๐Ÿ›ก๏ธ The US Cybersecurity and Infrastructure Security Agency (CISA) added four vulnerabilities to its Known Exploited Vulnerabilities catalog, citing active exploitation. The flaws include critical Adobe ColdFusion path traversal (CVE-2026-48282), Joomlack Page Builder improper access control (CVE-2026-56290), Langflow authorization bypass (CVE-2026-55255), and JoomShaper SP Page Builder unrestricted file upload (CVE-2026-48908). Exploitation observed ranged from immediate post-disclosure attacks to targeted campaigns stealing credentials and deploying web shells. Agencies are urged to apply patches by July 10, 2026.
read more โ†’

DifyTap vulnerabilities expose cross-tenant AI data

๐Ÿ›ก๏ธ Cybersecurity researchers disclosed four vulnerabilities in Dify, an open-source agentic workflow platform, that could let attackers read AI conversations across tenants without authentication. Codenamed DifyTap by Zafran Security, two flaws are critical and three enable cross-tenant impact on Dify's multi-tenant cloud service. Issues include authorization bypasses, path traversal to internal Plugin Daemon APIs, and file preview leaks. Patches were released in v1.14.2 for all but one flaw, with the remaining fix forthcoming.
read more โ†’

Path Traversal Vulnerability in Schneider Electric RTUs

๐Ÿ”’ Schneider Electric EasyLogic T150 and Saitel DP devices contain a CWE-22 Path Traversal vulnerability that can allow unauthorized access to sensitive files when server-side file path processing mishandles user input. Affected firmware versions include EasyLogic T150 <=11.06.31 and Saitel DP <=11.06.36. Remediations include firmware updates to 11.06.32 for EasyLogic T150 and 11.06.37 for Saitel DP; contact Schneider Electric Customer Care to obtain downloads and reboot devices after installing. CISA recommends network isolation, strict credential controls, and defensive measures for ICS devices.
read more โ†’

Attackers Exploit Multiple Fortinet FortiSandbox Bugs

๐Ÿ” Threat intelligence firm Defused Cyber reports active exploitation of three high-severity Fortinet FortiSandbox vulnerabilities observed within 24 hours. The flaws โ€” CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 โ€” are high-severity (CVSS 9.1) issues involving path traversal and OS command injection that can enable unauthenticated attackers to bypass authentication or execute commands. Fortinet issued patches for the first two in April 2026 and fixed the third last week; defenders are cautioned to apply updates promptly.
read more โ†’

Langflow path traversal allows remote code execution

๐Ÿšจ Enterprises using the open-source AI orchestration platform Langflow are urged to apply a patch for a high-severity path traversal flaw that enables arbitrary file writes and, in some environments, remote code execution. The vulnerability stems from improper handling of uploaded filenames at the /api/v2/files endpoint and was fixed in version 1.9.0, though exploitation has been observed in the wild. Public proof-of-concept code and exposed instances increase risk for unpatched deployments.
read more โ†’

Path traversal in Langflow exploited to write files

๐Ÿ›ก๏ธ A high-severity path traversal flaw (CVE-2026-5027) in the AI development platform Langflow is being actively exploited to write arbitrary files to exposed servers. Tenable discovered the issue, which stems from unsanitized filenames in the POST /api/v2/files endpoint, and disclosed it on March 27, 2026. Patches were released in langflow-base 0.8.3 and Langflow 1.9.0, and users are urged to upgrade to version 1.10.0.
read more โ†’

High-severity Langflow path traversal under active exploit

๐Ÿ”’ A critical path traversal flaw, CVE-2026-5027 (CVSS 8.8), in the open-source Langflow low-code AI platform is being actively exploited, per VulnCheck. The issue stems from unsanitized 'filename' input to the POST /api/v2/files endpoint, allowing attackers to write files to arbitrary filesystem locations. Tenable attempted multiple responsible disclosures before public details were released in late March 2026. Public exposure of roughly 7,000 Langflow instances increases exploitation risk across North America and beyond.
read more โ†’

SAP patches critical NetWeaver and Commerce Cloud flaws

๐Ÿ”’ SAP released its June 2026 security update addressing 15 vulnerabilities, including four critical issues affecting SAP NetWeaver and SAP Commerce Cloud. The critical flaws include XML Signature Wrapping (CVE-2026-44748), a memory corruption bug (CVE-2026-27671), a Spring Security-related issue (CVE-2026-22732), and a directory traversal in the Java web container (CVE-2026-40128). Organizations should prioritize patching these high-impact defects immediately.
read more โ†’

ABB Camera Connect VLC Component Vulnerabilities

๐Ÿ”” ABB disclosed that several vulnerabilities exist in the VLC media player component delivered with older ABB Ability Camera Connect installers (โ‰ค 1.5.0.14). An update (Camera Connect 1.5.0.15) and standalone VLC updates are available to remediate multiple memory-corruption and path-related issues. ABB notes that most deployments are air-gapped and isolated, which significantly reduces exposure and remote exploitability, but recommends applying updates at the earliest convenience.
read more โ†’

ABB CoreSense Path Traversal Fixed in New Updates Released

๐Ÿ”’ ABB published updates addressing a path traversal vulnerability (CWE-22, CVSS v3 7.1) affecting CoreSense HM and CoreSense M10. The flaw allowed unauthenticated local users to access restricted directories and could lead to full system compromise and sensitive data exposure. ABB fixed the issue in CoreSense HM v2.3.4 and CoreSense M10 v1.4.1.31 and recommends applying the update promptly. CISA republished the vendor advisory and advises network isolation, strict input validation, and restricting local host access to authorized users.
read more โ†’

Critical RCE and Data-Leak Flaws in SEPPMail Gateway

๐Ÿ”’ InfoGuard Labs disclosed multiple critical vulnerabilities in SEPPMail Secure E-Mail Gateway that allow unauthenticated remote code execution, path traversal, deserialization flaws, and exposure of sensitive server data. Researchers demonstrated an exploit chain leveraging the LFT path traversal (CVE-2026-2743) to overwrite syslog configuration and obtain a Perl reverse shell, enabling full appliance takeover and mail interception. SEPPmail has released fixes across versions 15.0.2.1, 15.0.3 and 15.0.4 and urges administrators to apply updates immediately.
read more โ†’

Siemens ROS# Path Traversal Vulnerability โ€” Update to 2.2.2

๐Ÿ”’ A path traversal flaw exists in the ROS# file_server prior to 2.2.2, allowing attackers to read and write arbitrary files accessible to the account running the service. The issue arises from improper input sanitization and is tracked as CWE-23 with a CVSS v3 score of 9.1. Siemens released 2.2.2 as the vendor fix and recommends immediate updates. Temporary mitigations include running the service only on trusted networks and with restricted user rights.
read more โ†’

Hitachi Energy PCM600 Zip-Slip Vulnerability and Guidance

โš ๏ธ Hitachi Energy reported a directory traversal vulnerability (CVE-2018-1002208) affecting PCM600 product lines, including legacy 2.11 and several 3.x releases. The flaw resides in an affected SharpZipLib component (pre-1.0 RC1) and allows crafted ZIP archives to write files outside intended extraction directories, creating an integrity risk. Hitachi Energy recommends migrating to maintained 3.x builds, following vendor guidance and immediate mitigations such as network isolation, removal of default credentials, and secure remote access while awaiting a planned 3.1 SP4 update.
read more โ†’

ABB PCM600 Path Traversal Vulnerability (CVE-2018-1002208)

โš ๏ธ A path traversal vulnerability in ABB PCM600 (CVE-2018-1002208) could allow an attacker to deliver specially crafted messages to a system node, resulting in insertion and execution of arbitrary code. Affected releases are PCM600 versions >=1.5 and <=2.13; ABB released a fix in PCM600 2.14 (note: RE_630 relays are incompatible with 2.14). CISA rates the issue CVSS 3.1 4.4 (AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N), notes exploitation is not remotely trivial, and recommends applying the vendor update or, where immediate upgrade is impractical, applying system-level and network mitigations such as segmentation, firewalls, and updated VPNs.
read more โ†’

Critical Path Traversal in Intrado 911 Emergency Gateway

โš ๏ธ CISA warns of a critical path traversal vulnerability (CVE-2026-6074) in Intrado 911 Emergency Gateway that can expose the EGW management interface to unauthenticated access from an attacker with network access. The flaw enables reading, modifying, or deleting files and has a CVSS v3.1 base score of 9.8. Intrado released an update on March 2, 2026; organizations should apply the vendor patch immediately. Apply CISA guidance to minimize internet exposure and contact E911Support@intrado.com for vendor coordination.
read more โ†’

LangChain path traversal bug raises AI pipeline risks

๐Ÿ›ก๏ธ Cyera researchers warn that insufficient input validation in AI orchestration tools can expose sensitive enterprise data. A newly disclosed path traversal flaw in LangChain (CVE-2026-34070) lets crafted input resolve paths outside intended directories and read arbitrary host files. Cyera analyzed that alongside an earlier unsafe deserialization issue (CVE-2025-68664) and a SQL injection affecting LangGraph checkpointing (CVE-2025-67644), showing how each flaw maps to distinct data exposures. Maintainers have released fixes; organizations should apply patches and adopt allowlists, sandboxing, safe deserialization practices, and parameterized queries immediately.
read more โ†’

LangChain and LangGraph Flaws Expose Files and Secrets

๐Ÿ”’ Researchers disclosed three vulnerabilities in LangChain and LangGraph that can expose filesystem files, environment secrets, and conversation history. The flaws โ€” a path traversal, insecure deserialization, and an SQL injection โ€” provide independent attack paths enabling exfiltration of Docker configs, API keys, and stored chats. Patches are available for the affected packages and organizations are urged to update immediately and audit prompt templates, deserialization paths, and checkpoint metadata.
read more โ†’

Ubiquiti patches UniFi flaw that may enable takeover

๐Ÿ”’ Ubiquiti has released patches for two vulnerabilities in the UniFi Network application, including a maximum-severity path traversal flaw tracked as CVE-2026-22557. The path traversal affects versions up to 10.1.85 and is addressed in 10.1.89 and later; a separate authenticated NoSQL injection that could enable privilege escalation has also been fixed. Administrators should update to 10.1.89 or later and apply vendor fixes to mitigate account takeover and escalation risks.
read more โ†’

Trend Micro patches critical Apex One RCE flaws for Windows

โš ๏ธ Trend Micro has released patches for two critical Apex One management console vulnerabilities (CVE-2025-71210 and CVE-2025-71211) that enable path traversal leading to remote code execution on Windows systems. The fixes are included in SaaS updates and Critical Patch Build 14136, which also addresses high-severity agent issues on Windows and macOS. Exploitation requires access to the management console, so externally exposed consoles should apply source restrictions and other access controls. Customers are urged to install updates promptly to reduce risk.
read more โ†’

Valmet DNA Engineering Web Tools Vulnerability Overview

๐Ÿ›ก๏ธ An unauthenticated attacker can exploit a path traversal vulnerability in Valmet DNA Engineering Web Tools (CVE-2025-15577) by manipulating the web maintenance services URL to obtain arbitrary file read access. The issue is an instance of Improper Limitation of a Pathname to a Restricted Directory (CWE-22) and is rated CVSS 3.1 8.6 (High). Valmet has released a fix and recommends customers contact their automation customer service for remediation assistance. CISA advises reducing internet exposure for control system devices, isolating networks behind firewalls, and applying defense-in-depth controls.
read more โ†’