CVE-2026-5258 | Sanster IOPaint 1.5.3 File Manager file_manager.py _get_file filename path traversal

A vulnerability identified as critical has been detected in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal.

This vulnerability is reported as CVE-2026-5258. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5258 | Sanster IOPaint 1.5.3 File Manager file_manager.py _get_file filename path traversal

Post correlati

CVE-2025-23058 | HPE Aruba Networking ClearPass Policy Manager up to 6.11.9/6.12.3 Web-based Management Interface improper authentication

CVE-2024-54728 | BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 access control

CVE-2024-5268 | Sonos Sonos Era 100 SMB2 Message out-of-bounds

CVE-2024-40348 | Bazaar 1.4.3 /api/swaggerui/static path traversal