Skip to main content

Ail Framework

6 CVEs product

Monthly

CVE-2026-59510 HIGH PATCH This Week

Path traversal in AIL Framework's PDF object handling lets an authenticated user read files outside the intended PDF storage directory. The PDF.get_filepath() function joined the configured PDF_FOLDER with an attacker-influenced object identifier without validating the resolved location, so crafted relative traversal sequences or absolute path components could point AIL at arbitrary files readable by the service account, exposing configuration, credentials, or other local secrets. No public exploit identified at time of analysis, and the vendor notes exploitation is only potential because additional errors must be overcome before the traversal executes.

Path Traversal Ail Framework
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.4%
CVE-2026-56450 MEDIUM PATCH This Month

Unlimited OTP brute-force against AIL Framework's two-factor authentication endpoint allows an attacker who already possesses a valid account password to bypass the second authentication factor entirely and gain unauthorized account access. The verify_2fa() route accepted an unbounded number of OTP submissions without incrementing a failure counter or enforcing a lockout, and the implementation uses counter-based HOTP rather than time-limited TOTP, removing the time-window throttle that would otherwise constrain brute-force speed. No public exploit code or CISA KEV listing exists at time of analysis, but the prerequisite of a valid password - obtainable via phishing or credential dumps - makes this a realistic threat against any AIL deployment where 2FA is meant to serve as a meaningful access boundary.

Authentication Bypass Ail Framework
NVD GitHub
CVSS 4.0
5.1
EPSS
0.3%
CVE-2026-56448 HIGH PATCH This Week

Authenticated path traversal in AIL Framework (CIRCL's Analysis Information Leak threat-intel platform) lets a low-privileged user abuse the investigation workflow to read arbitrary files readable by the AIL process and exfiltrate them inside a generated archive. The flaw is fixed in commit 0041456af25da0cdea1c1c4624e46baff2731d8f, and no public exploit is identified at time of analysis. CVSS 4.0 is 8.3 (High), driven by a scope change where the leaked filesystem content is considered subsequent-system confidentiality impact.

Path Traversal Ail Framework
NVD GitHub
CVSS 4.0
8.3
EPSS
0.3%
CVE-2026-56138 MEDIUM PATCH This Month

Path traversal in AIL Framework's `/objects/item/diff` endpoint exposes gzip-compressed server-side files to authenticated users. The Flask blueprint route in `var/www/blueprints/objects_item.py` accepted arbitrary item identifiers via `s1` and `s2` query parameters and attempted to read and compare their contents without first verifying they resolved to legitimate AIL objects, enabling directory traversal sequences to escape the items directory. No active exploitation has been identified at time of analysis; CIRCL reported the issue and an upstream fix is available via a GitHub commit.

Path Traversal Ail Framework
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2026-39416 HIGH PATCH This Week

Stored cross-site scripting in AIL Framework <6.8 allows authenticated high-privilege attackers to inject malicious JavaScript through the modal item preview function. When processing item content exceeding 800 characters, the application returns attacker-controlled content without explicit text/plain content-type headers, enabling browser interpretation as HTML. Successful exploitation executes arbitrary JavaScript in victim browsers viewing crafted items, compromising confidentiality and integrity across system and user contexts. No public exploit identified at time of analysis.

XSS Ail Framework
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2020-8545 HIGH PATCH This Week

Global.py in AIL framework 2.8 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Ail Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Path traversal in AIL Framework's PDF object handling lets an authenticated user read files outside the intended PDF storage directory. The PDF.get_filepath() function joined the configured PDF_FOLDER with an attacker-influenced object identifier without validating the resolved location, so crafted relative traversal sequences or absolute path components could point AIL at arbitrary files readable by the service account, exposing configuration, credentials, or other local secrets. No public exploit identified at time of analysis, and the vendor notes exploitation is only potential because additional errors must be overcome before the traversal executes.

Path Traversal Ail Framework
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Unlimited OTP brute-force against AIL Framework's two-factor authentication endpoint allows an attacker who already possesses a valid account password to bypass the second authentication factor entirely and gain unauthorized account access. The verify_2fa() route accepted an unbounded number of OTP submissions without incrementing a failure counter or enforcing a lockout, and the implementation uses counter-based HOTP rather than time-limited TOTP, removing the time-window throttle that would otherwise constrain brute-force speed. No public exploit code or CISA KEV listing exists at time of analysis, but the prerequisite of a valid password - obtainable via phishing or credential dumps - makes this a realistic threat against any AIL deployment where 2FA is meant to serve as a meaningful access boundary.

Authentication Bypass Ail Framework
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Authenticated path traversal in AIL Framework (CIRCL's Analysis Information Leak threat-intel platform) lets a low-privileged user abuse the investigation workflow to read arbitrary files readable by the AIL process and exfiltrate them inside a generated archive. The flaw is fixed in commit 0041456af25da0cdea1c1c4624e46baff2731d8f, and no public exploit is identified at time of analysis. CVSS 4.0 is 8.3 (High), driven by a scope change where the leaked filesystem content is considered subsequent-system confidentiality impact.

Path Traversal Ail Framework
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Path traversal in AIL Framework's `/objects/item/diff` endpoint exposes gzip-compressed server-side files to authenticated users. The Flask blueprint route in `var/www/blueprints/objects_item.py` accepted arbitrary item identifiers via `s1` and `s2` query parameters and attempted to read and compare their contents without first verifying they resolved to legitimate AIL objects, enabling directory traversal sequences to escape the items directory. No active exploitation has been identified at time of analysis; CIRCL reported the issue and an upstream fix is available via a GitHub commit.

Path Traversal Ail Framework
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Stored cross-site scripting in AIL Framework <6.8 allows authenticated high-privilege attackers to inject malicious JavaScript through the modal item preview function. When processing item content exceeding 800 characters, the application returns attacker-controlled content without explicit text/plain content-type headers, enabling browser interpretation as HTML. Successful exploitation executes arbitrary JavaScript in victim browsers viewing crafted items, compromising confidentiality and integrity across system and user contexts. No public exploit identified at time of analysis.

XSS Ail Framework
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Global.py in AIL framework 2.8 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Ail Framework
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy