CVE-2026-2216 | rachelos WeRSS we-mp-rss up to 1.4.8 apis/tools.py download_export_file filename path traversal

Inserito da Angelo Barbosa | Feb 8, 2026 | CVE

A vulnerability classified as critical was found in rachelos WeRSS we-mp-rss up to 1.4.8. Impacted is the function download_export_file of the file apis/tools.py. Executing a manipulation of the argument filename can lead to path traversal.

This vulnerability is tracked as CVE-2026-2216. The attack can be launched remotely. Moreover, an exploit is present.

CVE-2026-2216 | rachelos WeRSS we-mp-rss up to 1.4.8 apis/tools.py download_export_file filename path traversal

Post correlati

CVE-2026-20986 | Samsung Chinese Samsung Members 15.5.05.4 path traversal

CVE-2024-53259 | quic-go up to 0.48.1 IP_PMTUDISC_DO denial of service

CVE-2024-34406 | McAfee Security Antivirus VPN up to 8.2.x on Android Deeplink denial of service

CVE-2023-6145 | Softomi Advanced C2C Marketplace Software prior 12122023 sql injection