CVE-2026-7086 in Toonflow-appinformación

Resumen

por MITRE • 2026-04-27

A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is still unclear if this vulnerability genuinely exists. The vendor explains in a reply to the issue report, that "[t]he URL of this interface is designed to only be a local address or a trusted domain address configured in docker, and will not contain malicious links, unless the user modifies the code causing unexpected situations."

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulDB

Divulgación

2026-04-27

Moderación

aceptado

Artículo

VDB-359661

CPE

listo

CWE

CWE-22 (confirmado)

Explotación

Descargar

CVSS

4.3 (VulDB)

EPSS

0.00021

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7086
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7086
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7086/

◂ Anterior Visión De Conjunto Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!