PT-2026-20649 · Unknown · Dynamicweb
Published
2026-02-19
·
Updated
2026-02-19
·
CVE-2026-2731
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
DynamicWeb versions prior to 9.19.7 and prior to 9.20.3
DynamicWeb version 8 (all)
Description
A path traversal and content injection issue exists in the 'JobRunnerBackground.aspx' component. This allows unauthenticated attackers to execute code through simple web requests. The issue leads to full system compromise. The vulnerable component is 'JobRunnerBackground.aspx'. The affected API endpoint is 'JobRunnerBackground.aspx'.
Recommendations
Update to DynamicWeb version 9.19.7 or later.
Update to DynamicWeb version 9.20.3 or later.
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dynamicweb