CVE-2026-4044 | projectsend up to r1945 Delete /import-orphans.php realpath files[] path traversal

Inserito da Angelo Barbosa | Mar 12, 2026 | CVE

A vulnerability marked as critical has been reported in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal.

This vulnerability is known as CVE-2026-4044. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4044 | projectsend up to r1945 Delete /import-orphans.php realpath files[] path traversal

Post correlati

CVE-2025-31260 | Apple macOS up to 15.4 App permission

CVE-2025-0370 | gn_themes WP Shortcodes Plugin up to 7.3.3 on WordPress cross site scripting

CVE-2025-27821 | Apache HDFS Native Client up to 3.4.1 URI Parser out-of-bounds write

CVE-2024-8145 | ClassCMS 4.8 Article /index.php/admin Title cross site scripting