An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.
"https://github.com/pypa/advisory-database/blob/main/vulns/freetakserver-ui/PYSEC-2026-637.yaml"