Security Advisory

CVE-2026-5022

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-27 14:34:14

Last updated 2026-03-27 15:10:20

Assigner tenable

State PUBLISHED

Description

The /api/v1/files/images/{flow_id}/{file_name} endpoint does not enforce any authentication or authorization checks, allowing any unauthenticated user to download images belonging to any flow by knowing (or guessing) the flow ID and file name.

← Browse all CVEs View on cve.org ↗