Security Advisory

CVE-2026-5027

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-27 14:54:53
Last updated 2026-03-27 15:11:42
Assigner tenable
State PUBLISHED

Description

The POST /api/v2/files endpoint does not sanitize the filename parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences (../).
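The flaw class described above, shown next to a hardened check, as an added example that is not taken from the affected product's code. The advisory does not say how the endpoint is implemented, so the Python functions, the upload directory and the sample filenames are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample filenames, as they might arrive in a multipart part.
SAMPLES = ["report.pdf", "../../etc/cron.d/job", "/etc/passwd",
           "..\\..\\config\\app.ini", ".."]


def unsafe_destination(upload_dir: str, filename: str) -> str:
    """The flawed pattern: the client-supplied filename is joined as-is."""
    return os.path.normpath(os.path.join(upload_dir, filename))


def safe_destination(upload_dir: str, filename: str) -> Path:
    """Return a write path inside upload_dir or raise ValueError."""
    # Reject either separator style, regardless of the host OS.
    if "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError(f"separator or NUL in filename: {filename!r}")
    if filename in ("", ".", ".."):
        raise ValueError(f"not a file name: {filename!r}")
    root = Path(upload_dir).resolve()
    dest = (root / filename).resolve()
    # Defence in depth: also catches a symlink in upload_dir that points out.
    if not dest.is_relative_to(root):
        raise ValueError(f"resolves outside upload root: {filename!r}")
    return dest


def check_samples(upload_dir: str) -> dict:
    """Map each constructed sample to 'accepted' or 'rejected'."""
    verdicts = {}
    for name in SAMPLES:
        try:
            safe_destination(upload_dir, name)
            verdicts[name] = "accepted"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, verdict in check_samples(d).items():
            print(f"{verdict:9} {name!r} (unsafe join -> {unsafe_destination(d, name)})")
```

Storing uploads under a server-generated name and keeping the client's filename only as metadata removes the dependency on filename validation altogether.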