#path traversal
7 stories taggedpath traversal.

Progress ShareFile zero-day forced emergency server shutdowns; patch is out
A path traversal flaw in Storage Zone Controllers let admin users read and write files they shouldn't. Progress says no customer breach has been found.

Three FortiSandbox Bugs Under Active Exploitation, Including a 9.1 Path Traversal
Threat intel firm flags in-the-wild abuse of CVE-2026-39813, CVE-2026-39808 and CVE-2026-25089 within a 24-hour window.

Langflow's Unauthenticated File-Write Flaw Is Being Exploited — Patch Dropped 73 Days Ago
CVE-2026-5027 lets attackers write files to arbitrary paths on exposed servers, and because Langflow ships with login disabled by default, exploitation requires exactly zero credentials.

Langflow Path Traversal Flaw CVE-2026-5027 Hits CISA's Exploited List
An unauthenticated write-anywhere bug in the open-source AI builder is being abused in the wild, per VulnCheck telemetry, raising fresh questions for federal users bound by BOD 22-01 patch deadlines.

Langflow Path Traversal Under Active Exploitation, No Patch Available
CVE-2026-5027 lets unauthenticated attackers write arbitrary files on Langflow servers. In-the-wild exploitation is being tracked now.

Gamaredon and UAC-0226 Are Still Riding the WinRAR Path-Traversal Bug Into Ukrainian Networks
Nearly a year after a patch shipped, CVE-2025-8088 keeps paying dividends for two Russia-aligned crews running stealer campaigns against Ukraine.

One Bad Character in a Host Header Breaks Auth for Thousands of FastAPI Apps
A parsing gap in Starlette lets unauthenticated requests reach protected routes — and the blast radius runs deep into the AI inference stack.