CVE-2026-3089 | Actual Sync Server up to 26.2.1 /sync/upload-user-file path traversal

Inserito da Angelo Barbosa | Mar 9, 2026 | CVE

A vulnerability described as critical has been identified in Actual Sync Server up to 26.2.1. This affects an unknown function of the file /sync/upload-user-file. The manipulation results in path traversal.

This vulnerability is known as CVE-2026-3089. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.

CVE-2026-3089 | Actual Sync Server up to 26.2.1 /sync/upload-user-file path traversal

Post correlati

CVE-2024-1940 | themefusecom Brizy Plugin up to 2.4.41 on WordPress cross site scripting

CVE-2024-30340 | Foxit PDF Reader Annotation out-of-bounds

CVE-2025-5736 | TOTOLINK X15 1.0.0-B20230714.1105 HTTP POST Request /boafrm/formNtp submit-url buffer overflow

CVE-2024-3891 | Happy Addons for Elementor Plugin up to 3.10.5 on WordPress HTML Tag cross site scripting