← volver
CVE-2026-11917

ThinManager® - Path Traversal via API

CVSS 7.2 HIGHCWE-22
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.2EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A path traversal security issue exists within Rockwell Automation ThinManager® software due to improper limitation of file save operations within the API. An authenticated attacker could exploit this vulnerability to write arbitrary files to restricted system directories outside of the application's intended directory.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N