| CVE ID | CVSS Score | Severity | Description |
|---|---|---|---|
| CVE-2026-46748 | 8.8 | high |
CVE-2026-46748. The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
|
| CVE-2026-46747 | 4.3 | medium |
CVE-2026-46747. The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations.
|
| CVE-2026-46749 | 7.5 | high |
CVE-2026-46749. The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.
|
| CVE-2026-46746 | 8.8 | high |
CVE-2026-46746. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when directory listings are retrieved. This could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the affected service user (sinecins).
|