← back
CVE-2026-11917

ThinManager® - Path Traversal via API

CVSS 7.2 HIGHCWE-22
Vexday Risk Score
18Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.2EPSS KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this vulnerability to write arbitrary files to restricted system directories outside of the application's intended directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N