Devtoys

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-22685 HIGH PATCH This Week

DevToys versions 2.0.0.0 through 2.0.8.x are vulnerable to path traversal attacks during extension package installation, allowing attackers to write files outside the intended directory by crafting malicious NUPKG archives with directory traversal sequences. An attacker can exploit this to overwrite arbitrary files with DevToys process privileges, potentially enabling code execution or system compromise on affected systems. The vulnerability is patched in version 2.0.9.0.

Path Traversal Devtoys

NVD GitHub

CVSS 3.1

8.8

EPSS

0.0%

CVE-2026-22685

EPSS 0% CVSS 8.8

HIGH PATCH This Week

DevToys versions 2.0.0.0 through 2.0.8.x are vulnerable to path traversal attacks during extension package installation, allowing attackers to write files outside the intended directory by crafting malicious NUPKG archives with directory traversal sequences. An attacker can exploit this to overwrite arbitrary files with DevToys process privileges, potentially enabling code execution or system compromise on affected systems. The vulnerability is patched in version 2.0.9.0.

Path Traversal Devtoys

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy