CVE Catalog

CVE-2026-53777

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile - higher than 11% of all known CVEs

Summary

Perry before version 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages.

Risk Assessment

Organizations may be at risk of overwriting sensitive files or exposing local files to an attacker-accessible location, potentially leading to data loss or security breaches.

Recommendation

It is recommended to upgrade to the latest version of Perry to mitigate this vulnerability. Additionally, monitor and restrict access to build servers and validate input in the artifact_name and download_path fields.

Original NVD description (English source)

Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any location writable by the running process by supplying unsanitized path components in the artifact_name field of ArtifactReady WebSocket messages. Attackers controlling the server URL can deliver traversal payloads through the artifact_name or download_path fields, causing the client to overwrite sensitive files or expose arbitrary local files to an attacker-accessible location.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS