CVE Catalog
CVE-2026-56815
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk0.14%
4th percentile — higher than 4% of all known CVEs
Summary
A vulnerability in pwnlift before d7a9544 in a privileged deployment allows an attacker to follow symbolic links in the upload handler in Components/Pages/Home.razor.
Risk Assessment
An attacker can exploit this flaw to write files to arbitrary locations on the filesystem, potentially leading to privilege escalation or application compromise in a privileged environment.
Recommendation
Immediately update pwnlift to version d7a9544 or later, which includes a fix for the symlink following vulnerability.
Original NVD description (English source)
pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.

