Skip to main content

Better Icons

1 CVEs product

Monthly

CVE-2026-15527 LOW POC Monitor

Path traversal in better-auth/better-icons (versions up to and including 1.0.5) allows a local low-privileged attacker to manipulate the icons_file argument passed to the scan_project_icons/sync_icon component, escaping the intended directory boundary to read or write arbitrary files accessible to the process. A public proof-of-concept has been disclosed via GitHub issue #18, and the vendor has not yet responded to the responsible disclosure. No CISA KEV listing exists; the CVSS 4.0 base score of 1.9 correctly reflects the constrained local-only attack surface and limited per-file impact.

Path Traversal Better Icons
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
EPSS 0% CVSS 1.9
LOW POC Monitor

Path traversal in better-auth/better-icons (versions up to and including 1.0.5) allows a local low-privileged attacker to manipulate the icons_file argument passed to the scan_project_icons/sync_icon component, escaping the intended directory boundary to read or write arbitrary files accessible to the process. A public proof-of-concept has been disclosed via GitHub issue #18, and the vendor has not yet responded to the responsible disclosure. No CISA KEV listing exists; the CVSS 4.0 base score of 1.9 correctly reflects the constrained local-only attack surface and limited per-file impact.

Path Traversal Better Icons
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy