CVE-2026-40163
CVE-2026-40163
8.2
HighPublished:
Last updated:
Source:security-advisories@github.com
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- Low
- Integrity
- High
- Availability
- None
Description
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the server filesystem. The GET /sync/upload_finished endpoint allows an unauthenticated attacker to list arbitrary directory contents and read specific JSON files. This vulnerability is fixed in 1.4.5, 1.5.5, and 1.6.0-beta.4.
References
security-advisories@github.com
https://github.com/saltcorn/saltcorn/security/advisories/GHSA-32pv-mpqg-h292