2026-03-27 14:54:53
tenable
PUBLISHED
The POST /api/v2/files endpoint does not sanitize the filename parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences (../).
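The server-side check whose absence the description reports can look like the following. This is an added example, not code from the affected product or from the advisory; `resolve_upload_path`, `UnsafeFilename`, `check_samples` and the sample filenames are hypothetical, and it assumes the endpoint is meant to store uploads flat in a single directory.

```python
import os
import tempfile
from pathlib import Path


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename could escape the upload root."""


def resolve_upload_path(upload_root, filename):
    """Map a multipart filename to a path inside upload_root, or raise."""
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty or NUL-containing filename")
    # Treat "\" as a separator too, so "..\\x" is rejected on POSIX hosts.
    if "/" in filename or "\\" in filename:
        raise UnsafeFilename("path separators are not allowed")
    if filename in (".", "..") or ":" in filename:
        raise UnsafeFilename("dot segment or drive/stream specifier")
    root = Path(upload_root).resolve()
    target = (root / filename).resolve()
    # Defence in depth: a symlink inside the root must not lead outside it.
    if os.path.commonpath([str(root), str(target)]) != str(root):
        raise UnsafeFilename("resolved path escapes upload root")
    return target


def check_samples():
    """Run constructed filenames through the check; return {name: accepted}."""
    samples = ["report.pdf", "../../outside.txt", "..\\..\\outside.txt",
               "/tmp/outside.txt", "..", "C:outside.txt", "a\x00.txt", "link"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads"
        root.mkdir()
        # Constructed symlink inside the root that points outside it.
        os.symlink(tmp, root / "link")
        for name in samples:
            try:
                resolve_upload_path(root, name)
                results[name] = True
            except UnsafeFilename:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
```

Rejecting the request outright, rather than silently stripping `../`, also leaves a clear event to log and alert on.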