CVE-2026-38360
CRITICAL EPSS 92.4%
Published May 8, 2026 (1mo ago) · Modified Jun 17, 2026 (2w ago)
9.8 CVSS 3.1
Description
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, BaseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Threat Intelligence
EPSS Exploit Probability
92.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
References 8
- https://github.com/a1ohadance/CVE-2026-38360
- https://github.com/advisories/GHSA-3rf6-x59v-5jfv
- https://github.com/fohrloop/dash-uploader
- https://github.com/fohrloop/dash-uploader/blob/dev/dash_uploader/httprequesthandler.py
- https://github.com/fohrloop/dash-uploader/blob/stable/dash_uploader/httprequesthandler.py
- https://github.com/fohrloop/dash-uploader/issues/153
- https://github.com/github/advisory-database/pull/7635
- https://pypi.org/project/dash-uploader/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.