CVE-2026-1776 | owen2345 Camaleon CMS up to 2.9.0 CamaleonCmsAwsUploader download_private_file File path traversal (f54a77e)

Inserito da Angelo Barbosa | Mar 9, 2026 | CVE

A vulnerability labeled as critical has been found in owen2345 Camaleon CMS up to 2.9.0. The impacted element is the function download_private_file of the component CamaleonCmsAwsUploader. The manipulation of the argument File results in path traversal.

This vulnerability is cataloged as CVE-2026-1776. The attack may be launched remotely. There is no exploit available.

It is advisable to implement a patch to correct this issue.

CVE-2026-1776 | owen2345 Camaleon CMS up to 2.9.0 CamaleonCmsAwsUploader download_private_file File path traversal (f54a77e)

Post correlati

CVE-2024-45983 | kishan0725 Hospital Management System 6.3.5 cross-site request forgery

CVE-2024-10581 | designinvento DirectoryPress Frontend Plugin up to 2.7.9 on WordPress dpfl_listingStatusChange cross-site request forgery

CVE-2024-37148 | glpi-project glpi up to 10.0.15 sql injection (GHSA-p626-hph9-p6fj)

CVE-2024-4554 | OpenText NetIQ Access Manager up to 5.0.4.0 cross site scripting