PT-2026-41011 · Pode · Pode
Tosieeek
·
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2026-42598
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Pode versions 2.4.0 through 2.12.x
Description
A flaw in the Static Route functionality allows an attacker to request arbitrary files from the local file system by specifying absolute paths in the request, leading to unauthorized information disclosure.
Recommendations
Update to version 2.13.0.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pode