Tag
A file overwrite vulnerability (CVE-2026-39942) exists in Directus versions prior to 11.17.0, where an attacker can overwrite another user's files by manipulating the filename_disk parameter in the PATCH /files/{id} endpoint, potentially leading to data corruption or privilege escalation.