CVE-2026-61505
MEDIUM
NVD
CVSS Score
5.3
Severity
MEDIUM
Published
Jul 13, 2026
Vendor
unknown
Description
Rejetto HFS 3.0.0 through 3.2.0 allows path traversal through the lang query parameter, permitting a remote unauthenticated attacker to read certain JSON files outside the shared folders. Exploitation is constrained to files matching a narrow naming and format pattern, limiting practical impact.