Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Critical Files Overwritten with Malicious Input in Web Admin Tool
CVE-2026-2399
Summary
A weakness in a popular web admin tool could allow an attacker to overwrite critical files by sending malicious input in a specific request. This could lead to data loss or system compromise. Update the tool to the latest version to fix this issue.
Original title
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters th...
Original description
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload.
nvd CVSS4.0
6.9
Vulnerability type
CWE-22
Path Traversal
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026