Unknown · Dash-Uploader · CVE-2026-38360
**Name of the Vulnerable Software and Affected Versions**
fohrloop dash-uploader versions 0.1.0 through 0.7.0a2
**Description**
A directory traversal issue allows a remote attacker to execute arbitrary code. This is possible through the `dash uploader/httprequesthandler.py` component, specifically within the `aseHttpRequestHandler.get temp root()` and `BaseHttpRequestHandler. post()` functions.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.