CVE-2026-7680 | jsbroks COCO Annotator up to 0.11.1 Data Endpoint datasets.py folder path traversal

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability labeled as critical has been found in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal.

This vulnerability is tracked as CVE-2026-7680. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-7680 | jsbroks COCO Annotator up to 0.11.1 Data Endpoint datasets.py folder path traversal

Post correlati

CVE-2025-12924 | rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224 BankController.java GlobalResult authorization (Issue 198)

CVE-2024-11892 | Accordion Slider Lite Plugin up to 1.5.1 on WordPress cross site scripting

CVE-2024-5062 | zenml-io zenml up to 0.57.x Survey cross site scripting

CVE-2025-54667 | myCred Plugin up to 2.9.4.3 on WordPress race condition