PT-2026-39853 · Unknown · Jotty·Page
Qiaonpc · Published 2026-05-11 · Updated 2026-05-12 · CVE-2026-42564
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
jotty·page versions prior to 1.22.0
Description
An unauthenticated path traversal issue exists in the '/api/app-icons/[filename]' endpoint. The filename route parameter is joined into a filesystem path without proper traversal or boundary validation, which allows an attacker to read files located outside the 'data/uploads/app-icons/' directory. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder.
Recommendations
Update to version 1.22.0.
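For anyone reviewing similar file-serving routes, the following added example (not Jotty·Page source code and not the 1.22.0 patch) contrasts the unchecked join the description refers to with a boundary-validated lookup. The function names, the '/srv/app' root and the sample file names are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names; not Jotty·Page source code.
const path = require('node:path');

// Directory named in the advisory, resolved against a constructed app root.
const ICON_DIR = path.resolve('/srv/app', 'data/uploads/app-icons');

// Pattern the advisory describes: the route parameter is joined as-is,
// so "../" segments are normalised away and the result can leave ICON_DIR.
function naiveIconPath(filename) {
  return path.join(ICON_DIR, filename);
}

// Hardened form: accept only a plain file name, then confirm the
// resolved path is still inside ICON_DIR. Returns null on rejection.
function safeIconPath(filename) {
  if (typeof filename !== 'string' || filename.length === 0) return null;
  if (filename.includes('\0')) return null;
  // A legitimate icon name has no directory component under either
  // POSIX or Windows separator rules.
  if (filename !== path.posix.basename(filename) ||
      filename !== path.win32.basename(filename)) return null;
  if (filename === '.' || filename === '..') return null;
  const resolved = path.resolve(ICON_DIR, filename);
  // Compare against ICON_DIR plus a trailing separator so a sibling
  // directory such as "app-icons-old" cannot pass a bare prefix check.
  if (!resolved.startsWith(ICON_DIR + path.sep)) return null;
  return resolved;
}

// True when a path, once resolved, is located under ICON_DIR.
function isInsideIconDir(p) {
  return path.resolve(p).startsWith(ICON_DIR + path.sep);
}

// Constructed sample inputs: one legitimate name, four that must be refused.
const samples = ['logo.png', '../../../etc/passwd', '..',
                 'sub/icon.png', '../app-icons-old/x.png'];
for (const name of samples) {
  console.log(JSON.stringify(name),
    '| naive join stays inside:', isInsideIconDir(naiveIconPath(name)),
    '| validated result:', safeIconPath(name));
}
```

The check is purely lexical: it does not follow symbolic links, so a deployment that allows links inside the icon directory would additionally compare `fs.realpathSync` output against the real base directory.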
Fix
Information Disclosure
Path traversal
Affected Products
Jotty·Page