CVE-2026-8115

Name of the Vulnerable Software and Affected Versions gyoridavid short-video-maker versions prior to 1.3.5

Description A path traversal flaw exists in the REST API component within the src/server/routers/rest.ts file. A remote attacker can exploit this by manipulating the req.params.tmpFile argument, allowing unauthorized access to files or directories outside the intended folder.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.