{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/neuroimaging/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-35446"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["directory-traversal","web-application","neuroimaging"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eLORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application designed for data and project management in neuroimaging research. Versions 24.0.0 up to, but not including, 27.0.3 and 28.0.1 contain a directory traversal vulnerability (CVE-2026-35446) in the FilesDownloadHandler. This flaw stems from an incorrect order of operations, potentially enabling an attacker to escape the intended download directories and access sensitive files. Successful exploitation requires authentication and could lead to unauthorized access to sensitive research data. Users are advised to upgrade to versions 27.0.3 or 28.0.1 to mitigate this vulnerability. \nThis vulnerability impacts organizations utilizing LORIS for managing sensitive neuroimaging data, potentially exposing research data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the LORIS web application with valid credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request to the \u003ccode\u003eFilesDownloadHandler\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a manipulated file path designed to traverse directories outside the intended download directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eFilesDownloadHandler\u003c/code\u003e processes the request with an incorrect order of operations when validating the file path.\u003c/li\u003e\n\u003cli\u003eThe application bypasses the intended directory restrictions due to the flawed validation process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to files and directories outside of the designated download directory.\u003c/li\u003e\n\u003cli\u003eThe attacker reads sensitive data, including neuroimaging data, project files, or configuration files.\u003c/li\u003e\n\u003cli\u003eThe attacker may exfiltrate sensitive data for malicious purposes, such as espionage or sale on the dark web.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this directory traversal vulnerability (CVE-2026-35446) in LORIS could lead to unauthorized access to sensitive neuroimaging research data. The number of affected organizations is unknown, but any organization using LORIS versions 24.0.0 to before 27.0.3 and 28.0.1 is potentially vulnerable. \nThe impact includes data breaches, intellectual property theft, and potential compromise of patient privacy if patient data is stored within the LORIS system.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade LORIS to version 27.0.3 or 28.0.1 to remediate CVE-2026-35446, as indicated in the overview.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026ldquo;Detect LORIS Directory Traversal Attempt\u0026rdquo; Sigma rule to monitor for suspicious file download requests.\u003c/li\u003e\n\u003cli\u003eReview web server access logs for unusual file download patterns or attempts to access files outside the intended download directories using the file_event log source to detect potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T19:25:24Z","date_published":"2026-04-08T19:25:24Z","id":"/briefs/2026-04-loris-traversal/","summary":"LORIS, a neuroimaging research data management web application, is vulnerable to directory traversal (CVE-2026-35446) due to an incorrect order of operations in the FilesDownloadHandler, allowing authenticated attackers to access unauthorized files.","title":"LORIS Directory Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-loris-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Neuroimaging","version":"https://jsonfeed.org/version/1.1"}