Description
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying unsanitized file keys containing traversal sequences (e.g., ../../) in the JSON payload, an attacker can escape the intended temporary directory and replace public facing images or fill the server's storage. This issue has been patched via commit 86f34c7.
Published: 2026-02-04
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: File Overwrite and Unauthorized Modification
Action: Patch Now
AI Analysis

Impact

NavigaTUM contains a path traversal flaw in the propose_edits endpoint that accepts file keys from JSON payloads without sanitization. By including traversal sequences such as "../../", an unauthenticated attacker can escape the intended temporary directory and overwrite existing files in directories writable by the application user, such as /cdn. This allows modification of public images or the placement of arbitrary data on the server, potentially leading to site defacement or denial of service via storage exhaustion.

Affected Systems

The vulnerability exists in all versions of TUM-Dev: NavigaTUM released before commit 86f34c7. The affected product is the NavigaTUM website and API, which allows room and place searches. No specific version numbers are listed beyond the commit identifier, indicating that any deployment not updated to or beyond that commit is susceptible.

Risk and Exploitability

The CVSS score of 8.8 classifies the flaw as high severity, although the EPSS score of less than 1% suggests a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires only a crafted HTTP request to the propose_edits endpoint; no authentication is needed. Attackers can overwrite arbitrary files in directories with write access, enabling defacement, data corruption, or the placement of malicious files if executable permissions are granted to the target area. The risk remains significant until the patch is applied, but the likelihood of a widespread attack at present is low.

Generated by OpenCVE AI on April 17, 2026 at 23:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update NavigaTUM to commit 86f34c7 or later, which removes the unsanitized file key processing.
  • Immediately disable or restrict access to the propose_edits endpoint for unauthenticated users until the patch can be applied.
  • Revoke write permissions for any application‑writable directories such as /cdn, ensuring that only legitimate application processes have the necessary access.

Generated by OpenCVE AI on April 17, 2026 at 23:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Tum
Tum navigatum
Weaknesses CWE-22
CPEs cpe:2.3:a:tum:navigatum:*:*:*:*:*:*:*:*
Vendors & Products Tum
Tum navigatum
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Thu, 05 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Feb 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Tum-dev
Tum-dev navigatum
Vendors & Products Tum-dev
Tum-dev navigatum

Wed, 04 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Description NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying unsanitized file keys containing traversal sequences (e.g., ../../) in the JSON payload, an attacker can escape the intended temporary directory and replace public facing images or fill the server's storage. This issue has been patched via commit 86f34c7.
Title NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality
Weaknesses CWE-23
CWE-26
References
Metrics cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Tum Navigatum
Tum-dev Navigatum
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-05T17:48:31.956Z

Reserved: 2026-02-03T01:02:46.714Z

Link: CVE-2026-25575

cve-icon Vulnrichment

Updated: 2026-02-05T17:48:14.595Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-04T22:16:00.957

Modified: 2026-02-11T19:10:03.500

Link: CVE-2026-25575

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T23:15:30Z

Weaknesses