PT-2026-29477 · Sanster · Sanster Iopaint

Source: Vuldb · Published: 2026-04-01 · Updated: 2026-04-01 · CVE-2026-5258

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Sanster IOPaint version 1.5.3

Description: A path traversal issue exists in the File Manager component of Sanster IOPaint version 1.5.3, specifically within the get file function of the iopaint/file_manager/file_manager.py file. Manipulating the filename argument can lead to path traversal. The exploit has been made public and the attack can be carried out remotely. The vendor was contacted but did not respond.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the iopaint/file_manager/file_manager.py file.
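
The weakness class described above, a client-supplied filename joined to a base directory, is shown here as an added example next to a containment check. This is not IOPaint's code: the function names, the directory layout and the sample filenames are hypothetical and constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


class UnsafePath(ValueError):
    """A client-supplied filename resolves outside the base directory."""


def get_file_unsafe(base_dir: str, filename: str) -> Path:
    # Hypothetical vulnerable pattern: the value is joined as-is, so ".."
    # segments or an absolute path decide where the result points.
    return Path(os.path.join(base_dir, filename))


def get_file_safe(base_dir: str, filename: str) -> Path:
    # Resolve both sides (this also follows symlinks), then require the
    # result to stay under the base directory and to be a regular file.
    base = Path(base_dir).resolve()
    candidate = (base / filename).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise UnsafePath(f"{filename!r} resolves outside {base}")
    if not candidate.is_file():
        raise FileNotFoundError(filename)
    return candidate


def demo() -> dict:
    # Constructed layout: <tmp>/images/ok.png may be served, <tmp>/secret.txt may not.
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        images = Path(tmp, "images")
        images.mkdir()
        (images / "ok.png").write_bytes(b"png")
        secret = Path(tmp, "secret.txt")
        secret.write_text("s")
        samples = {"ok.png": "ok.png", "../secret.txt": "../secret.txt",
                   "<absolute>": str(secret), "sub/../../secret.txt": "sub/../../secret.txt"}
        for label, name in samples.items():
            joined = get_file_unsafe(str(images), name).resolve()
            escaped = not joined.is_relative_to(images.resolve())
            try:
                get_file_safe(str(images), name)
                verdict = "served"
            except UnsafePath:
                verdict = "rejected"
            results[label] = (escaped, verdict)
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```
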

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2026-5258

Affected Products: Sanster Iopaint