CVE-2026-6057

EUVD-2026-21358 CRITICAL
2026-04-10 securin GHSA-2987-f6gf-82vj
CVSS 3.1: 9.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 10, 2026 - 09:45 (vuln.today)
EUVD ID Assigned: Apr 10, 2026 - 09:45 (euvd), EUVD-2026-21358
CVE Published: Apr 10, 2026 - 09:16 (nvd), CRITICAL 9.8

Description

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

Analysis

Unauthenticated path traversal in FalkorDB Browser 1.9.3 file upload API enables remote attackers to write arbitrary files to the server filesystem and execute code without authentication. Attack vector is network-accessible with low complexity, requiring no user interaction. …


Remediation

Within 24 hours: Identify and inventory all FalkorDB Browser 1.9.3 instances in production and development environments; immediately restrict network access to the file upload API endpoint using firewall rules or WAF policies to trusted networks only.

Within 7 days: Disable the file upload functionality if operationally feasible, or migrate to an alternative product; review access logs for suspicious upload activity or file writes to unexpected directories. …


Priority Score

49
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0
