CVE-2026-2328 Unauthenticated Path Traversal Vulnerability
CVE-2026-2328 describes a vulnerability where an unauthenticated remote attacker can exploit insufficient input validation to access backend components beyond their intended scope via path traversal, leading to the exposure of sensitive information.
CVE-2026-2328 is a critical vulnerability that allows an unauthenticated remote attacker to perform path traversal attacks due to insufficient input validation. This flaw enables unauthorized access to backend components, potentially exposing sensitive information. The vulnerability was published on March 30, 2026, and assigned a CVSS v3.1 score of 7.5. The vulnerability stems from inadequate input sanitization, permitting attackers to manipulate file paths and access restricted areas of the…
Detection coverage 2
Detect Path Traversal Attempts in HTTP Requests
highDetects suspicious HTTP requests containing path traversal sequences.
Detect Access to Sensitive Files via Webserver
criticalDetects web server access to sensitive files like /etc/passwd or web.config
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1
1
url