Description
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
Published: 2026-04-20
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file deletion
Action: Apply Patch
AI Analysis

Impact

ThreatSonar Anti-Ransomware, developed by TeamT5, contains a Path Traversal flaw that allows authenticated remote attackers who can access the web interface to delete arbitrary files on the system. The vulnerability permits an attacker to specify a file path that traverses outside the intended directory, resulting in removal of critical system or application files. This loss of files can compromise system availability, disrupt services, and potentially expose sensitive information if deleted files were previously encrypted by the anti-ransomware software itself.

Affected Systems

The affected product is TeamT5’s ThreatSonar Anti-Ransomware. All deployments prior to the hotpatch released on 20260302 are vulnerable. No additional product variants or versions are listed, so any installation of this software that has not applied the hotpatch is at risk.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity. The EPSS score is not available, so the exact likelihood of exploitation is unknown. The vulnerability has been categorized as not listed in the CISA KEV catalog, although that does not preclude active exploitation. The likely attack path involves an attacker first authenticating to the web interface of ThreatSonar and then submitting a crafted request that includes a path traversal component to delete a target file. Compromise of the web credentials or a brute‑force attack on the authentication system could enable this scenario.

Generated by OpenCVE AI on April 20, 2026 at 08:20 UTC.

Remediation

Vendor Solution

Please install hotpatch version 20260302.

OpenCVE Recommended Actions

  • Install hotpatch version 20260302 from TeamT5.
  • Restrict web access to ThreatSonar by enforcing strong authenticated sessions, limiting IP ranges, and removing unnecessary administrative functionality.
  • Deploy file‑integrity monitoring or audit logs to detect and alert on unexpected file deletions within the ThreatSonar installation directories.

Generated by OpenCVE AI on April 20, 2026 at 08:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Teamt5
Teamt5 threatsonar Anti-ransomware
Vendors & Products Teamt5
Teamt5 threatsonar Anti-ransomware

Mon, 20 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Description ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
Title TeamT5|ThreatSonar Anti-Ransomware - Arbitrary File Deletion
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Teamt5 Threatsonar Anti-ransomware
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-04-20T13:30:25.604Z

Reserved: 2026-04-09T10:34:44.214Z

Link: CVE-2026-5966

cve-icon Vulnrichment

Updated: 2026-04-20T13:30:22.861Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-20T08:16:11.010

Modified: 2026-04-20T19:05:30.750

Link: CVE-2026-5966

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T08:30:02Z

Weaknesses