A vulnerability was found in Mockoon up to 9.6.x. It has been declared as problematic. Affected by this vulnerability is the function getSafeFilePath of the file packages/commons-server/src/libs/server/server.ts of the component File Path Validator. Executing a manipulation of the argument filePath can lead to relative path traversal.

This vulnerability appears as CVE-2026-59149. The attack may be performed from remote. There is no available exploit.