Skip to main content

Iopaint

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-5258 MEDIUM POC This Month

Path traversal in Sanster IOPaint 1.5.3 File Manager allows unauthenticated remote attackers to read, write, or delete arbitrary files via manipulated filename parameters in the _get_file function. EPSS data unavailable, but publicly available exploit code exists. Attack requires no authentication or user interaction (CVSS AV:N/PR:N/UI:N). Vendor did not respond to coordinated disclosure; patch status unknown at time of analysis.

Path Traversal Iopaint
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-5258
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in Sanster IOPaint 1.5.3 File Manager allows unauthenticated remote attackers to read, write, or delete arbitrary files via manipulated filename parameters in the _get_file function. EPSS data unavailable, but publicly available exploit code exists. Attack requires no authentication or user interaction (CVSS AV:N/PR:N/UI:N). Vendor did not respond to coordinated disclosure; patch status unknown at time of analysis.

Path Traversal Iopaint
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy