DynamicWeb allows attackers to execute code via simple web requests

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

10.0

DynamicWeb allows attackers to execute code via simple web requests

CVE-2026-2731

Summary

DynamicWeb versions 8 and 9, up to certain patches, have a security flaw that allows anyone to execute unauthorized code on the system. This means an attacker can potentially take control of the server, steal data, or disrupt operations. Update to the latest patched version to fix this issue.

Original title

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests

Original description

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests

nvd CVSS4.0 10.0

Vulnerability type

CWE-22 Path Traversal

https://doc.dynamicweb.dev/documentation/fundamentals/dw10release/security-repor...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026