CVE-2026-11917
ThinManager® - Path Traversal via API
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.2EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
14 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this vulnerability to write arbitrary files to restricted system directories outside of the application's intended directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Rockwell Automation · FactoryTalk ThinManager