CVE-2026-3089 in Sync Serverالمعلومات

الملخص

بحسب MITRE • 09/03/2026

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments (../) can escape the intended directory and write files outside userFiles.This issue affects prior versions of Actual Sync Server 26.3.0.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Fluid Attacks

حجز

24/02/2026

إفشاء

09/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-349831

EPSS

0.00018

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-3089
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-3089
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-3089/

التالي نظرة عامة السابق

Do you know our Splunk app?

Download it now for free!