CVE-2026-40503 — Path Traversal
Image via images.unsplash.com
CVE-2026-40503 — OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /memory show slash command. Attackers can manipulate the path input parameter to escape
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-40503 | vulnerability | CVE-2026-40503 |
| CWE-22 | weakness | CWE-22 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 04:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
MailGates/MailAudit CRLF Injection Exposes System Files
CVE-2026-6351 — MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
Critical MailGates Flaw Lets Attackers Run Wild
CVE-2026-6350 — MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary...
WinMatrix Agent: Local Auth Bypass to SYSTEM Privileges
CVE-2026-6348 — WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on...