PT-2026-57846 · Rejetto · Rejetto Hfs

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-61505

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Rejetto HFS versions 3.0.0 through 3.2.0
Description An issue exists that allows a remote unauthenticated attacker to perform path traversal via the lang query parameter. This enables the reading of specific JSON files located outside the shared folders. The impact is limited because exploitation is restricted to files that follow a specific naming and format pattern.
Recommendations Update Rejetto HFS to a version later than 3.2.0. As a temporary mitigation, restrict or monitor the use of the lang query parameter.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61505

Affected Products

Rejetto Hfs