CVE Catalog

CVE-2026-57321

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

The H5P plugin version 1.17.7 and earlier contains a vulnerability allowing a contributor to delete arbitrary files on the server. The flaw is due to insufficient permission validation during file deletion operations.

Risk Assessment

An attacker with contributor role can delete critical system files or data, leading to service disruption, data loss, or full server compromise.

Recommendation

Immediately update the H5P plugin to the latest available version that fixes this vulnerability. If an update is not possible, restrict contributor permissions to the minimum or temporarily disable the file deletion functionality.

Original NVD description (English source)

Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS