Skip to main content

Allegra EUVDEUVD-2026-36633

| CVE-2026-11442 MEDIUM
Path Traversal (CWE-22)
2026-06-12 zdi GHSA-p625-mq37-453v
6.5
CVSS 3.0 · Vendor: zdi
Share

Severity by source

Vendor (zdi) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-accessible endpoint requires low-privilege authentication; path traversal yields only file read with no write or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorVendor: zdi

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 12, 2026 - 23:50 vuln.today

DescriptionCVE.org

Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability.

The specific flaw exists within the exportReport method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-28208.

AnalysisAI

Directory traversal in Allegra's exportReport method exposes arbitrary server-side files to authenticated remote attackers, operating in the context of the underlying service account. The flaw affects all tracked versions per the CPE wildcard (cpe:2.3:a:allegra:allegra:*), with Alltena's 9.0.0 release notes referencing the fix. No public exploit code or CISA KEV listing has been identified at time of analysis, and no EPSS data was provided, but the CVSS 6.5 rating reflects a meaningful confidentiality risk for any internet-facing Allegra deployment where user accounts may be broadly provisioned.

Technical ContextAI

Allegra is a project and issue tracking platform developed by Alltena. The vulnerability resides in the exportReport method, which accepts a user-supplied path parameter and passes it to file system operations without sanitizing directory traversal sequences (e.g., '../'). This is a classic CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) flaw. The CPE string cpe:2.3:a:allegra:allegra:*:*:*:*:*:*:*:* with a wildcard version component indicates all releases prior to the fix are affected. Because the read operation executes as the service account, the breadth of disclosure depends on the OS-level permissions of that account - potentially exposing configuration files, credentials, private keys, or other application data on the host.

RemediationAI

The primary remediation is to upgrade Allegra to version 9.0.0 or later, as indicated by the Alltena release notes at https://alltena.com/en/resources/release-notes/release-notes-for-release-9-0-0/. The fix version is inferred from the advisory reference and has not been independently verified as explicitly patching this CVE - administrators should confirm with Alltena support. If immediate upgrade is not possible, restrict access to the exportReport functionality at the network or application layer by limiting which user roles or groups can invoke report export operations. Additionally, running the Allegra service under a least-privilege OS account (rather than a broad service account) will reduce the blast radius of any traversal by limiting which files on the host are readable. Placing Allegra behind an authenticated reverse proxy with strict access controls for external users adds a compensating layer but does not eliminate the flaw for insider threat scenarios.

Share

EUVD-2026-36633 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy