Skip to main content

EUVD-2026-28472

| CVE-2026-8115 MEDIUM
Path Traversal (CWE-22)
2026-05-07 VulDB GHSA-935g-9rq5-q95c
Path Traversal
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
May 07, 2026 - 23:22 NVD
5.3 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
May 07, 2026 - 23:15 vuln.today
CVE Published
May 07, 2026 - 22:45 nvd
MEDIUM 5.3

DescriptionNVD

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal vulnerability in gyoridavid short-video-maker up to version 1.3.4 allows remote unauthenticated attackers to read arbitrary files on the server by manipulating the tmpFile parameter in REST API requests. The vulnerability exists in the REST API endpoint src/server/routers/rest.ts and has a publicly available proof-of-concept, though it is not currently confirmed as actively exploited in the wild. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28472 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy