Skip to main content

HBAI-Ltd Toonflow-app CVE-2026-7085

| EUVDEUVD-2026-25768 LOW
Path Traversal (CWE-22)
2026-04-27 cna@vuldb.com
1.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
CVSS changed
Apr 29, 2026 - 01:12 NVD
2.3 (LOW) 1.3 (LOW)
Analysis Generated
Apr 27, 2026 - 04:31 vuln.today
EUVD ID Assigned
Apr 27, 2026 - 04:22 euvd
EUVD-2026-25768
Analysis Generated
Apr 27, 2026 - 04:22 vuln.today
CVE Published
Apr 27, 2026 - 04:16 nvd
LOW 1.3

DescriptionCVE.org

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the attack remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been publicly disclosed and may be utilized. The real existence of this vulnerability is still doubted at the moment. The vendor explains in a reply to the issue report, that "[t]his interface is used for online updates, and the update URL has been statically compiled in the official code repository. Unless users modify the code, the requested address will be the official source address."

AnalysisAI

Path traversal in HBAI-Ltd Toonflow-app up to version 1.1.1 allows authenticated remote attackers to access files outside intended directories via the url parameter in the downloadApp endpoint (src/routes/setting/about/downloadApp.ts). The vulnerability requires high attack complexity and authenticated access; vendor mitigation notes that the update URL is statically compiled in official code and exploitation would require users to modify source code. Publicly disclosed exploit code exists, but real-world exploitability is disputed by the vendor and remains uncertain.

Share

CVE-2026-7085 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy