← voltar
CVE-2026-11917

ThinManager® - Path Traversal via API

CVSS 7.2 HIGHCWE-22
Vexday Risk Score
18Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.2EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this vulnerability to write arbitrary files to restricted system directories outside of the application's intended directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N