Loading market data...
← Back to CVE feed

CVE-2026-46747

MEDIUM CVSS 4.3 View on NVD ↗

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Published: Jun 09, 2026 10:16 UTC Modified: Jun 09, 2026 13:49 UTC