CVE Catalog

CVE-2026-56815

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

A vulnerability in pwnlift before d7a9544 in a privileged deployment allows an attacker to follow symbolic links in the upload handler in Components/Pages/Home.razor.

Risk Assessment

An attacker can exploit this flaw to write files to arbitrary locations on the filesystem, potentially leading to privilege escalation or application compromise in a privileged environment.

Recommendation

Immediately update pwnlift to version d7a9544 or later, which includes a fix for the symlink following vulnerability.

Original NVD description (English source)

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS