A vulnerability, which was classified as problematic, has been found in rejetto HFS up to 3.2.0. Impacted is an unknown function of the component JSON file Handler. Performing a manipulation of the argument lang results in path traversal.
This vulnerability is identified as CVE-2026-61505. The attack can be initiated remotely. There is not any exploit available.