What is the CVSS score of CVE-2026-41419?

CVE-2026-41419 has a CVSS 3.1 base score of 7.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L. EPSS exploitation probability: 0.0%.

4ga Boards CVE-2026-41419

Q: Which versions of 4ga Boards are affected by CVE-2026-41419?

4ga Boards versions before 3.3.5 contain a path traversal vulnerability that allows authenticated users with board import privileges to extract sensitive files from the server, including credentials…. A patch is available.

EUVD-2026-25613 HIGH

Path Traversal (CWE-22)

2026-04-24 GitHub_M

Path Traversal

7.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Patch released

Apr 27, 2026 - 19:10 nvd

Patch available

Re-analysis Queued

Apr 27, 2026 - 14:22 vuln.today

cvss_changed

Patch available

Apr 24, 2026 - 21:02 EUVD

Analysis Generated

Apr 24, 2026 - 19:45 vuln.today

EUVD ID Assigned

Apr 24, 2026 - 19:15 euvd

EUVD-2026-25613

Analysis Generated

Apr 24, 2026 - 19:15 vuln.today

CVE Published

Apr 24, 2026 - 18:50 nvd

HIGH 7.6

DescriptionNVD

4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitrary host files as board attachments during BOARDS archive import. Once imported, the file can be downloaded through the normal application interface, resulting in unauthorized local file disclosure. This vulnerability is fixed in 3.3.5.

AnalysisAI

Path traversal in 4ga Boards before 3.3.5 allows authenticated users with board import privileges to force the server to read and expose arbitrary local files as board attachments during BOARDS archive import. Attackers can then download sensitive host files (configuration files, credentials, application source code) through the normal download interface. …

RemediationAI

Within 24 hours: Identify all 4ga Boards installations and document current versions; restrict board import privileges to only essential administrative users. Within 7 days: Contact 4ga vendor to confirm patch availability timeline and ETA for version 3.3.5 or later; implement network monitoring for unusual file downloads from board attachments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41419 vulnerability details – vuln.today

Back