PT-2026-57846 · Rejetto · Rejetto Hfs
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-61505
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Rejetto HFS versions 3.0.0 through 3.2.0
Description
An issue exists that allows a remote unauthenticated attacker to perform path traversal via the
lang query parameter. This enables the reading of specific JSON files located outside the shared folders. The impact is limited because exploitation is restricted to files that follow a specific naming and format pattern.Recommendations
Update Rejetto HFS to a version later than 3.2.0.
As a temporary mitigation, restrict or monitor the use of the
lang query parameter.Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rejetto Hfs