Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
ProjectSend has a path traversal vulnerability in Delete Handler
CVE-2026-4044
Summary
ProjectSend, a file sharing tool, has a security flaw that allows hackers to access files they shouldn't. This could lead to unauthorized access to sensitive information. Update to version r1946 or later to fix this issue.
Original title
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argumen...
Original description
A vulnerability was detected in projectsend up to r1945. This affects the function realpath of the file /import-orphans.php of the component Delete Handler. Performing a manipulation of the argument files[] results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
4.7
nvd CVSS3.1
3.8
nvd CVSS4.0
5.1
Vulnerability type
CWE-22
Path Traversal
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026