A vulnerability classified as problematic was found in OpenWrt up to 25.12.4. Affected by this issue is the function fnmatch of the file session.c of the component Download Handler. Such manipulation of the argument requested leads to relative path traversal.

This vulnerability is listed as CVE-2026-62947. The attack may be performed from remote. There is no available exploit.