Stylemix CVE-2026-28078
MEDIUMSeverity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal.This issue affects uListing: from n/a through <= 2.2.0.
AnalysisAI
Stylemix uListing versions 2.2.0 and earlier contain a path traversal vulnerability that allows authenticated users with high privileges to access files outside the intended directory structure and read sensitive information. The vulnerability requires valid credentials and does not enable file modification or system disruption, limiting its impact to unauthorized information disclosure.
Technical ContextAI
Classified as CWE-22 (Path Traversal). Affects Stylemix uListing ulisting. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Stylemix uListing ulisting allows Path Traversal.This issue affects uListing: from n/a through <= 2.2.0.
Affected ProductsAI
Product: Stylemix uListing ulisting.
RemediationAI
Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today