Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-61505

MEDIUM NVD
CVSS Score 5.3
Severity MEDIUM
Published Jul 13, 2026
Vendor unknown

Description

Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact.

References