Skip to main content

Thingsgateway

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-4233 LOW POC Monitor

Path traversal in ThingsGateway 12's /api/file/download endpoint allows authenticated users to read arbitrary files through manipulation of the fileName parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Path Traversal Thingsgateway
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-4233
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in ThingsGateway 12's /api/file/download endpoint allows authenticated users to read arbitrary files through manipulation of the fileName parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Path Traversal Thingsgateway
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy