CVSS Vector (NVD)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. This requires user interaction: the victim must open the malicious .stigqter file and explicitly run the "Export HTML" action. This vulnerability is fixed in 1.2.7.
Analysis (AI)
Path traversal in STIGQter 0.1.2 through 1.2.6 allows local code execution when users open malicious .stigqter files and explicitly run the 'Export HTML' action. The CWE-22 path traversal flaw enables attackers to write arbitrary files with the victim's privileges, achieving code execution. …
Remediation (AI)
Within 24 hours: Notify all STIGQter users to cease opening .stigqter files from untrusted sources and disable the Export HTML feature until patching is complete. Within 7 days: Deploy STIGQter version 1.2.7 across all endpoints; verify deployment via version audit. …
EUVD-2026-30305