CVE-2026-1776

Published: Mar 10, 2026 Last Modified: Mar 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,0

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0007

Percentile

0,2th

Updated

EPSS Score Trend (Last 7 Days)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML

Likelihood of Exploit: High

View CWE Details

https://camaleon.website/

https://github.com/owen2345/camaleon-cms/commit/f54a77e2a7b…

https://github.com/owen2345/camaleon-cms/commit/f54a77e2a7be601215ea1b396038c58…

https://github.com/owen2345/camaleon-cms/pull/1127

https://www.vulncheck.com/advisories/camaleon-cms-aws-uploa…

https://www.vulncheck.com/advisories/camaleon-cms-aws-uploader-authenticated-pa…

CVE-2026-1776

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 7 Days)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter