PT-2026-55504 · Unknown · Lucene.Net.Replicator
Daniel Cervera
+2
·
Published
2026-07-03
·
Updated
2026-07-03
·
CVE-2026-47897
CVSS v4.0
8.9
High
| Vector | AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y/RE:L |
Name of the Vulnerable Software and Affected Versions
Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00017
Description
A path traversal issue exists in the Lucene.Net.Replicator library due to improper input validation and sanitization of filesystem paths. This allows traversal sequences to escape the intended base path, potentially enabling unauthorized read or write access to files outside the replication directories. This can lead to the leakage of sensitive data, tampering with replicated index artifacts, or service compromise if an attacker can supply crafted path values to replication-related APIs or endpoints that pass user-controlled input into file operations.
Recommendations
Upgrade to version 4.8.0-beta00018.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lucene.Net.Replicator