Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for FalkorDB Browser by FalkorDB

    CVE-2026-6057 (GCVE-0-2026-6057)

    Vulnerability from nvd – Published: 2026-04-10 09:16 – Updated: 2026-04-10 20:25
    VLAI
    Title
    Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution
    Summary
    FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Ramesh Gunnam from Securin
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T20:24:59.231118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-10T20:25:53.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "64 bit",
                "Windows"
              ],
              "product": "FalkorDB Browser",
              "vendor": "FalkorDB",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ramesh Gunnam from Securin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eFalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.\u003c/p\u003e"
                }
              ],
              "value": "FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T09:16:30.338Z",
            "orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
            "shortName": "securin"
          },
          "references": [
            {
              "url": "https://github.com/FalkorDB/falkordb-browser"
            },
            {
              "url": "https://github.com/FalkorDB/falkordb-browser/pull/1611"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
        "assignerShortName": "securin",
        "cveId": "CVE-2026-6057",
        "datePublished": "2026-04-10T09:16:30.338Z",
        "dateReserved": "2026-04-10T00:33:01.535Z",
        "dateUpdated": "2026-04-10T20:25:53.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6057 (GCVE-0-2026-6057)

    Vulnerability from cvelistv5 – Published: 2026-04-10 09:16 – Updated: 2026-04-10 20:25
    VLAI
    Title
    Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution
    Summary
    FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Ramesh Gunnam from Securin
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-10T20:24:59.231118Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-10T20:25:53.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux",
                "64 bit",
                "Windows"
              ],
              "product": "FalkorDB Browser",
              "vendor": "FalkorDB",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.9.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ramesh Gunnam from Securin"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eFalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.\u003c/p\u003e"
                }
              ],
              "value": "FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-10T09:16:30.338Z",
            "orgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
            "shortName": "securin"
          },
          "references": [
            {
              "url": "https://github.com/FalkorDB/falkordb-browser"
            },
            {
              "url": "https://github.com/FalkorDB/falkordb-browser/pull/1611"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated Path Traversal in FalkorDB Browser Leads to Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "33c584b5-0579-4c06-b2a0-8d8329fcab9c",
        "assignerShortName": "securin",
        "cveId": "CVE-2026-6057",
        "datePublished": "2026-04-10T09:16:30.338Z",
        "dateReserved": "2026-04-10T00:33:01.535Z",
        "dateUpdated": "2026-04-10T20:25:53.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }