CVE-2026-28373

| EUVD-2026-18801 CRITICAL
2026-04-03 [email protected] GHSA-6c5f-m57x-3368
9.6
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 03, 2026 - 17:22 euvd
EUVD-2026-18801
Analysis Generated
Apr 03, 2026 - 17:22 vuln.today
CVE Published
Apr 03, 2026 - 17:16 nvd
CRITICAL 9.6

Tags

Path Traversal Apple Microsoft

Description

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem.

Analysis

Stackfield Desktop App before version 1.10.2 for macOS and Windows allows arbitrary file writes to the filesystem through a path traversal vulnerability in its decryption functionality when processing the filePath property. A malicious export file can enable attackers to overwrite critical system or application files, potentially leading to code execution or application compromise without requiring user interaction beyond opening the malicious export.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

48
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +48
POC: 0

Share

CVE-2026-28373 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy