Arbitrary-File-Read

A critical vulnerability in PraisonAI's `multiedit` tool, affecting versions prior to 4.6.61, enables threat actors to achieve arbitrary file read and write capabilities by influencing LLM agent tool arguments, leading to sensitive data exfiltration and potential remote code execution.

An arbitrary file read vulnerability exists in Vitest when the UI server is listening, especially when exposed to the network, allowing an attacker to read arbitrary files outside the project directory and potentially execute arbitrary scripts.

DreamMaker by Interinfo is vulnerable to arbitrary file read via relative path traversal, allowing unauthenticated attackers to download arbitrary system files.

An authenticated user with workflow creation or modification permissions can inject CLI flags into the Git node's Push operation, leading to arbitrary file read on the n8n server; patched in versions 1.123.43, 2.20.7, and 2.22.1, and tracked as CVE-2026-44790.

The InfusedWoo Pro plugin for WordPress is vulnerable to arbitrary file read in versions up to 5.1.2, allowing unauthenticated attackers to make web requests to arbitrary locations, potentially querying and modifying information from internal services.

CVE-2026-0259 allows a low-privileged user to read sensitive information and delete arbitrary files on Palo Alto Networks WildFire WF-500 and WF-500-B appliances running in the default non-FIPS configuration.

OpenClaw before 2026.4.10 is vulnerable to an arbitrary file read via specially crafted QQBot media tags, allowing attackers to disclose local files through outbound media handling.

The Salon Booking System WordPress plugin is vulnerable to arbitrary file read, allowing unauthenticated attackers to exfiltrate local files by manipulating file-field values in booking confirmation emails.

The openclaw package is vulnerable to arbitrary file read and credential exfiltration due to media local roots self-whitelisting in `appendLocalMediaParentRoots`, allowing a model to initiate arbitrary host file reads, potentially leading to credential exfiltration.

i18next-fs-backend versions before 2.6.4 are vulnerable to path traversal due to insufficient sanitization of the lng and ns values, potentially allowing attackers to read arbitrary files, overwrite files, or execute code if .js or .ts locale files are in use.

changedetection.io is vulnerable to arbitrary local file read due to insufficient validation of snapshot paths restored from backup files, allowing attackers to read sensitive files by crafting a malicious backup archive containing a manipulated `history.txt` file.