https://feed.craftedsignal.io/tags/cve-2026-5027/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 15:17:04 +0000https://feed.craftedsignal.io/briefs/2026-03-path-traversal-api/Fri, 27 Mar 2026 15:17:04 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-path-traversal-api/The 'POST /api/v2/files' endpoint is vulnerable to path traversal due to improper sanitization of the 'filename' parameter, potentially allowing attackers to write files to arbitrary locations on the filesystem and achieve remote code execution.CVE-2026-5027 exposes a critical vulnerability in the ‘POST /api/v2/files’ endpoint, where the ‘filename’ parameter within multipart form data is not properly sanitized. This flaw allows an attacker to manipulate the filename by injecting path traversal sequences such as ‘../’, leading to the ability to write files to arbitrary locations on the server’s filesystem. This vulnerability was reported by Tenable Network Security, Inc. and has a CVSS v3.1 base score of 8.8 (HIGH). Successful…

]]>criticaladvisorypath-traversalfile-uploadcve-2026-5027web-application