CVE-2026-41412 | alfio-event alf.io up to 2.0-M5-2605 postFileAndSaveResponse path traversal (GHSA-6m62-53cw-4373)

Inserito da Angelo Barbosa | Giu 3, 2026 | CVE

A vulnerability was found in alfio-event alf.io up to 2.0-M5-2605. It has been declared as critical. Affected by this vulnerability is the function postFileAndSaveResponse. Executing a manipulation can lead to path traversal.

This vulnerability appears as CVE-2026-41412. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-41412 | alfio-event alf.io up to 2.0-M5-2605 postFileAndSaveResponse path traversal (GHSA-6m62-53cw-4373)

Post correlati

CVE-2025-14816 | Mitsubishi Electric MC Works64 cleartext storage in gui

CVE-2024-8135 | Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310 pkg/token/token.go Sign config.key hard-coded credentials

CVE-2025-56200 | Validator.js up to 13.15.15 isURL redirect

CVE-2024-22143 | WP Spell Check Plugin up to 9.17 on WordPress cross-site request forgery