Skip to main content

Threatsonar Anti Ransomware CVE-2026-5966

| EUVDEUVD-2026-23799 HIGH
Relative Path Traversal (CWE-23)
2026-04-20 twcert GHSA-544v-v93w-x43g
7.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Analysis Updated
Apr 20, 2026 - 08:29 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 20, 2026 - 08:22 vuln.today
cvss_changed
CVSS changed
Apr 20, 2026 - 08:22 NVD
8.1 (HIGH) 7.2 (HIGH)
Analysis Generated
Apr 20, 2026 - 07:57 vuln.today
EUVD ID Assigned
Apr 20, 2026 - 07:45 euvd
EUVD-2026-23799
Analysis Generated
Apr 20, 2026 - 07:45 vuln.today
CVE Published
Apr 20, 2026 - 07:40 nvd
HIGH 7.2

DescriptionCVE.org

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

AnalysisAI

Path traversal in TeamT5 ThreatSonar Anti-Ransomware versions ≤4.0.0 allows authenticated remote attackers with web access to delete arbitrary system files, potentially disabling security protections or causing system instability. With CVSS 7.2 (High Integrity and Availability impact), this poses significant risk to security infrastructure despite requiring authentication. EPSS score of 0.31% suggests low immediate exploitation likelihood, and CISA SSVC classifies it as non-automatable with total technical impact but no confirmed exploitation.

Technical ContextAI

ThreatSonar Anti-Ransomware is an endpoint protection platform developed by TeamT5 for detecting and preventing ransomware attacks. This vulnerability stems from CWE-23 (Relative Path Traversal), where the web interface fails to properly sanitize file path inputs. The affected component (cpe:2.3:a:teamt5:threatsonar_anti-ransomware) allows authenticated users to manipulate file path parameters using traversal sequences (e.g., '../') to escape intended directories and target arbitrary filesystem locations. The CVSS 4.0 vector shows High Integrity (VI:H) and Availability (VA:H) impact with no Confidentiality impact (VC:N), reflecting that attackers can delete but not read files. The vulnerability requires low-privilege authentication (PR:L) over network access (AV:N) with low attack complexity (AC:L), making it exploitable by any authenticated web user without specialized conditions.

RemediationAI

Upgrade to ThreatSonar Anti-Ransomware version 4.0.1 or later as recommended in TWCERT advisory TWB26-031. Consult the official TeamT5 vendor advisory linked through TWCERT at https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html for patch distribution channels and deployment guidance. If immediate patching is not feasible, implement these compensating controls with noted trade-offs: Restrict web interface access to dedicated management VLANs or bastion hosts using firewall rules (reduces administrative flexibility but eliminates internet-facing exposure). Enforce multi-factor authentication for all ThreatSonar web console access (increases authentication overhead but raises exploitation difficulty). Enable comprehensive file integrity monitoring on ThreatSonar installation directories and critical system paths to detect unauthorized deletion attempts (provides detection but not prevention, and may generate alert fatigue). Implement principle of least privilege by reviewing and reducing web console user permissions to only necessary administrative roles (may require workflow adjustments but limits attack surface). Monitor web access logs for suspicious path traversal patterns (../, ..\ sequences) and establish alerting thresholds (detection-only, no prevention).

Share

CVE-2026-5966 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy