Which versions of Iopaint are affected by CVE-2026-5258?

IOPaint version 1.5.3 contains a critical path traversal vulnerability in its file manager that allows unauthenticated attackers to read, write, or delete arbitrary files on affected systems over the…

Is there a public PoC exploit available for CVE-2026-5258?

Yes, a public proof-of-concept exploit is available for CVE-2026-5258. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-5258?

Within 24 hours: Identify all IOPaint instances running version 1.5.3 in your environment and isolate them from untrusted networks. Within 7 days: Contact Sanster for patch availability status and interim guidance; evaluate alternative file management solutions or temporary network segmentation. Within 30 days: Either deploy a patched version of IOPaint when available, migrate to a supported alternative with equivalent functionality, or implement compensating network controls (WAF rules, IP allowlisting) if operational continuity requires IOPaint 1.5.3 to remain in use.

Iopaint CVE-2026-5258

Q: What is the CVSS score of CVE-2026-5258?

CVE-2026-5258 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-17821 MEDIUM

Path Traversal (CWE-22)

2026-04-01 VulDB

GHSA-qw2j-qjh4-32jw

Path Traversal Iopaint

5.5

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.5 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 01, 2026 - 14:23 vuln.today

Public exploit code

EUVD ID Assigned

Apr 01, 2026 - 07:00 euvd

EUVD-2026-17821

Analysis Generated

Apr 01, 2026 - 07:00 vuln.today

CVE Published

Apr 01, 2026 - 06:45 nvd

MEDIUM 6.9

DescriptionCVE.org

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in Sanster IOPaint 1.5.3 File Manager allows unauthenticated remote attackers to read, write, or delete arbitrary files via manipulated filename parameters in the _get_file function. EPSS data unavailable, but publicly available exploit code exists. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	Real-world risk is HIGH despite moderate CVSS 7.3 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An unauthenticated remote attacker identifies an internet-facing IOPaint 1.5.3 instance through port scanning or service fingerprinting. Using the publicly available exploit code from GitHub, the attacker crafts HTTP requests to the file manager endpoint with manipulated filename parameters containing path traversal sequences like '../../../etc/passwd' to read sensitive system files or '../config/database.yml' to exfiltrate application credentials. …
Remediation	No vendor-released patch identified at time of analysis due to vendor non-responsiveness to coordinated disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all IOPaint instances running version 1.5.3 in your environment and isolate them from untrusted networks. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5258 vulnerability details – vuln.today

Back