CVE-2026-0805

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-0805

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0805.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-0805

Published

2026-01-30T06:04:15.330Z

Modified

2026-02-02T19:34:10.010359Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Crafty Controller

Details

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ],
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/0xxx/CVE-2026-0805.json"
}

References

Affected packages

Git / gitlab.com/crafty-controller/crafty-4

Affected ranges

Type

GIT

Repo

https://gitlab.com/crafty-controller/crafty-4

Events

Introduced

99da4d9c37e61d2e1fd2f9e0ecebd60adb55917e

Fixed

1a7bb702b693991159a540bc22fe9b17dd320bd2

Database specific

{
    "versions": [
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.8.0"
        }
    ]
}

Affected versions

v4.*

v4.5.0

v4.5.1

v4.5.2

v4.5.3

v4.5.4

v4.5.5

v4.6.1

v4.6.2

v4.7.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0805.json"