Vendor
high
advisory
Heym Path Traversal Vulnerability in File Upload Endpoint (CVE-2026-45225)
2 rules, 1 TTP, 1 CVE
Heym before 0.0.21 is vulnerable to path traversal, allowing authenticated users to write attacker-controlled files to arbitrary locations by exploiting the unvalidated filename parameter in the upload_file() handler (CVE-2026-45225).
Heym +1
path-traversal
file-upload
CVE-2026-45225
high
threat
Heym Sandbox Escape Vulnerability (CVE-2026-45227)
2 rules, 2 TTPs, 1 CVE
Heym before 0.0.21 is vulnerable to a sandbox escape (CVE-2026-45227) in the custom Python tool executor, allowing authenticated workflow authors to bypass restrictions and execute arbitrary host commands as the backend service user.
Heym
sandbox-escape
python
code-execution
high
advisory
Heym Authorization Bypass Vulnerability CVE-2026-45226
2 rules, 1 TTP, 1 CVE
Heym before 0.0.21 contains an authorization bypass vulnerability (CVE-2026-45226) that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs, leading to exposure of outputs and unintended side effects.
Heym
authorization-bypass
workflow-execution
cve