PT-2026-55504 · Unknown · Lucene.Net.Replicator

Daniel Cervera

+2

·

Published

2026-07-03

·

Updated

2026-07-03

·

CVE-2026-47897

CVSS v4.0

8.9

High

VectorAV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y/RE:L
Name of the Vulnerable Software and Affected Versions Apache Lucene.Net.Replicator versions 4.8.0-beta00005 through 4.8.0-beta00017
Description A path traversal issue exists in the Lucene.Net.Replicator library due to improper input validation and sanitization of filesystem paths. This allows traversal sequences to escape the intended base path, potentially enabling unauthorized read or write access to files outside the replication directories. This can lead to the leakage of sensitive data, tampering with replicated index artifacts, or service compromise if an attacker can supply crafted path values to replication-related APIs or endpoints that pass user-controlled input into file operations.
Recommendations Upgrade to version 4.8.0-beta00018.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47897

Affected Products

Lucene.Net.Replicator