PT-2026-5381 · Unknown · Crafty Controller

Published 2026-01-30 · Updated 2026-01-31 · CVE-2026-0963

CVSS v3.1: 9.9 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Crafty Controller versions prior to Crafty-4

Description

An input neutralization vulnerability exists in the "File Operations API Endpoint" component of Crafty Controller. It allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal. The vulnerable parameter is not specified.

Recommendations

Update Crafty Controller to version Crafty-4 or later. As a temporary workaround, restrict access to the "File Operations API Endpoint" to minimize the risk of exploitation.

Exploit

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-0963

Affected Products

Crafty Controller