Description
A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.
Published: 2026-04-27
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Read Arbitrary Files
Action: Patch
AI Analysis

Impact

A path traversal vulnerability exists in the UI/static component of leonvanzyl autocoder commit 79d02a. It permits attackers to read arbitrary files on the server by sending a crafted URL path containing traversal sequences, potentially exposing sensitive data.

Affected Systems

The vulnerability affects leonvanzyl autocoder, specifically its UI/static component as of commit 79d02a. No other product versions are known to be affected.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is via the web interface; an attacker can construct a URL that includes directory traversal characters and send it to the application. No special credentials or additional privileges are required beyond the ability to reach the UI, making the exploitation straightforward for users with network access to the host.

Generated by OpenCVE AI on April 28, 2026 at 04:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of autocoder that addresses the path traversal flaw.
  • Restrict the web server’s access to the UI/static directory or remove the directory from the exposed URL space.
  • Enforce strict file system permissions so that the autocoder process cannot read sensitive files outside its intended workspace.

Generated by OpenCVE AI on April 28, 2026 at 04:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Leonvanzyl
Leonvanzyl autocoder
Vendors & Products Leonvanzyl
Leonvanzyl autocoder

Tue, 28 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Title Path Traversal Allows Read of Arbitrary Files in Autocoder UI Static Component

Mon, 27 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 27 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences.
References

Subscriptions

Leonvanzyl Autocoder
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-27T16:02:37.044Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30351

cve-icon Vulnrichment

Updated: 2026-04-27T16:01:03.943Z

cve-icon NVD

Status : Deferred

Published: 2026-04-27T16:16:43.413

Modified: 2026-04-27T19:18:46.690

Link: CVE-2026-30351

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T09:17:34Z

Weaknesses