CVE-2023-26126
CVE-2023-26126
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.5EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
10 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P
Affected products
n/a · m.static