CVE-2026-38360
CriticalCVSS 9.8Exploitation Probability (EPSS)
Very high risk95th percentile — higher than 95% of all known CVEs
Summary
Directory Traversal vulnerability in fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), and BaseHttpRequestHandler._post() components.
Risk Assessment
An attacker can exploit this vulnerability to execute arbitrary code remotely, potentially leading to system takeover or data leakage.
Recommendation
It is recommended to upgrade to the latest version of fohrloop dash-uploader to mitigate this vulnerability and implement additional security measures.
Original NVD description (English source)
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components.

