CVE-2026-0805

HIGH
2026-01-30 [email protected]
8.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 30, 2026 - 07:16 nvd
HIGH 8.2

Tags

RCE Path Traversal Crafty Controller

Description

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

Analysis

Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal validation, enabling authenticated attackers to manipulate files and execute arbitrary code on affected systems. The vulnerability requires valid credentials and specific conditions to exploit but carries high impact due to its ability to compromise system integrity and confidentiality. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all systems running Crafty Controller and restrict administrative access to trusted personnel only. Within 7 days: Implement network segmentation to limit Crafty Controller exposure and enforce strong authentication controls; contact the vendor for patch timeline estimates. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

41
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +41
POC: 0

Share

CVE-2026-0805 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy