What is the CVSS score of EUVD-2026-12868?

EUVD-2026-12868 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for EUVD-2026-12868?

Yes, a public proof-of-concept exploit is available for EUVD-2026-12868. Prioritise patching immediately. EPSS: 0.0%.

EUVD-2026-12868

| CVE-2026-30345 HIGH

Relative Path Traversal (CWE-23)

2026-03-18 mitre

Information Disclosure

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 27, 2026 - 19:22 vuln.today

cvss_changed

CVSS changed

Apr 27, 2026 - 19:22 NVD

7.5 (HIGH)

EUVD ID Assigned

Mar 18, 2026 - 17:15 euvd

EUVD-2026-12868

Analysis Generated

Mar 18, 2026 - 17:15 vuln.today

CVE Published

Mar 18, 2026 - 00:00 nvd

N/A

DescriptionCVE.org

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import.

AnalysisAI

A zip slip vulnerability exists in CTFd v3.8.1-18-gdb5a18c4's Admin import functionality, allowing attackers to write arbitrary files outside intended directories by supplying a crafted import file. This path traversal vulnerability affects the CTFd Capture-The-Flag platform and can lead to information disclosure and potential remote code execution depending on file placement. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While CVSS and EPSS scores are not available for this CVE, the real-world risk is substantial and should be treated as high priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An administrator with access to the CTFd admin panel uploads a maliciously crafted ZIP file containing an import payload with path traversal sequences (e.g., '../../../app/config.py') that extracts outside the intended import directory. By crafting the ZIP to write a modified config file or Python module to the application root, the attacker achieves arbitrary code execution on the next application restart or module reload. …
Remediation	Immediately upgrade CTFd to version 3.8.2 or later, as confirmed in the official CTFd blog release at https://blog.ctfd.io/ctfd-3-8-2/. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-12868 vulnerability details – vuln.today

Back

EUVD-2026-12868

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code