CVE-2026-2741 | Vaadin Flow up to 14.14.0/23.6.6/24.9.8/25.0.2 ZIP Node.js path traversal

Inserito da Angelo Barbosa | Mar 10, 2026 | CVE

A vulnerability marked as critical has been reported in Vaadin Flow up to 14.14.0/23.6.6/24.9.8/25.0.2. Affected by this issue is some unknown functionality of the file Node.js of the component ZIP Handler. The manipulation leads to path traversal.

This vulnerability is referenced as CVE-2026-2741. The attack can only be performed from a local environment. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-2741 | Vaadin Flow up to 14.14.0/23.6.6/24.9.8/25.0.2 ZIP Node.js path traversal

Post correlati

CVE-2025-54670 | oik Plugin up to 4.15.2 on WordPress cross site scripting

CVE-2025-14952 | Campcodes Supplier Management System 1.0 /admin/add_category.php txtCategoryName sql injection

CVE-2024-33511 | Aruba ArubaOS 8.10.0.11/8.11.2.2/10.4.1.1/10.5.1.1 Automatic Reporting Service buffer overflow (ARUBA-PSA-2024-004)

CVE-2024-57238 | Prolink 4G LTE Mobile Wi-Fi DL-7203E 4.0.0B05 /reqproc/proc_get order_by sql injection