CVE Catalog

CVE-2026-36500

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Summary

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.

Risk Assessment

Attackers may gain access to unauthorized files in the system, potentially leading to the exposure of sensitive data.

Recommendation

It is recommended to upgrade to the latest version of Controller to mitigate this vulnerability and to monitor logs for potential attack attempts.

Original NVD description (English source)

An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS