{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5027/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["path-traversal","file-upload","cve-2026-5027","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-5027 exposes a critical vulnerability in the \u0026lsquo;POST /api/v2/files\u0026rsquo; endpoint, where the \u0026lsquo;filename\u0026rsquo; parameter within multipart form data is not properly sanitized. This flaw allows an attacker to manipulate the filename by injecting path traversal sequences such as \u0026lsquo;../\u0026rsquo;, leading to the ability to write files to arbitrary locations on the server\u0026rsquo;s filesystem. This vulnerability was reported by Tenable Network Security, Inc. and has a CVSS v3.1 base score of 8.8 (HIGH). Successful…\u003c/p\u003e\n","date_modified":"2026-03-27T15:17:04Z","date_published":"2026-03-27T15:17:04Z","id":"/briefs/2026-03-path-traversal-api/","summary":"The 'POST /api/v2/files' endpoint is vulnerable to path traversal due to improper sanitization of the 'filename' parameter, potentially allowing attackers to write files to arbitrary locations on the filesystem and achieve remote code execution.","title":"Path Traversal Vulnerability in API File Upload Endpoint (CVE-2026-5027)","url":"https://feed.craftedsignal.io/briefs/2026-03-path-traversal-api/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5027","version":"https://jsonfeed.org/version/1.1"}