What is the CVSS score of CVE-2026-0805?

CVE-2026-0805 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Crafty Controller are affected by CVE-2026-0805?

CVE-2026-0805 is a high-severity vulnerability in Crafty Controller's backup component that allows authenticated users to execute arbitrary code and modify files on affected systems.

How to fix or mitigate CVE-2026-0805?

Within 24 hours: Identify all systems running Crafty Controller and restrict administrative access to trusted personnel only. Within 7 days: Implement network segmentation to limit Crafty Controller exposure and enforce strong authentication controls; contact the vendor for patch timeline estimates. Within 30 days: Establish continuous monitoring for suspicious backup configuration changes and file modifications; develop incident response procedures specific to this vulnerability.

Crafty Controller CVE-2026-0805

HIGH

Path Traversal (CWE-22)

2026-01-30 cve@gitlab.com

RCE Path Traversal Crafty Controller

8.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.2 HIGH

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:00 vuln.today

CVE Published

Jan 30, 2026 - 07:16 nvd

HIGH 8.2

DescriptionCVE.org

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

AnalysisAI

Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Crafty Controller

Exploit

Upload malicious backup file with path traversal payload

Execution

Traverse directory structure via crafted filename

Impact

Execute arbitrary code during backup restoration

Access

Authenticate to Crafty Controller

Exploit

Upload malicious backup file with path traversal payload

Execution

Traverse directory structure via crafted filename

Impact

Execute arbitrary code during backup restoration

Vulnerability AssessmentAI

Exploitation	Authenticated access to Crafty Controller required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.2 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker (requires authentication) could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Crafty Controller and restrict administrative access to trusted personnel only. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-0805 vulnerability details – vuln.today

Back

Crafty Controller CVE-2026-0805

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code