PT-2026-60931 · Halo Dev · Halo

·

CVE-2026-16088

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v2.0

5.8

Medium

VectorAV:N/AC:L/Au:M/C:P/I:P/A:P
A vulnerability was detected in halo-dev halo up to 2.24.2. Affected by this vulnerability is the function Download of the file MigrationEndpoint.java of the component Files Backup Endpoint. Performing a manipulation results in path traversal. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-16088

Affected Products

Halo