CVE Catalog

CVE-2026-38360

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
14.56%

95th percentile — higher than 95% of all known CVEs

Summary

Directory Traversal vulnerability in fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), and BaseHttpRequestHandler._post() components.

Risk Assessment

An attacker can exploit this vulnerability to execute arbitrary code remotely, potentially leading to system takeover or data leakage.

Recommendation

It is recommended to upgrade to the latest version of fohrloop dash-uploader to mitigate this vulnerability and implement additional security measures.

Original NVD description (English source)

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS