← Back

CVE-2026-40163

nvd nist
Published: Apr 10, 2026Modified: Apr 27, 2026

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Exploitability: 3.9 / Impact: 4.2
Source: security-advisories@github.com (Secondary)

Description

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the server filesystem. The GET /sync/upload_finished endpoint allows an unauthenticated attacker to list arbitrary directory contents and read specific JSON files. This vulnerability is fixed in 1.4.5, 1.5.5, and 1.6.0-beta.4.

Affected (23)

Products: Saltcorn: Saltcorn
Saltcorn
1 product
Saltcorn
Configuration A
23 vulnerable
Vulnerable SoftwareAffected Versions
Saltcorn
Saltcorn
Before 1.4.5
Saltcorn
From 1.5.0 to 1.5.5
Saltcorn
Version 1.6.0 alpha0
Saltcorn
Version 1.6.0 alpha10
Saltcorn
Version 1.6.0 alpha11
Saltcorn
Version 1.6.0 alpha12
Saltcorn
Version 1.6.0 alpha13
Saltcorn
Version 1.6.0 alpha14
Saltcorn
Version 1.6.0 alpha15
Saltcorn
Version 1.6.0 alpha16
Saltcorn
Version 1.6.0 alpha17
Saltcorn
Version 1.6.0 alpha1
Saltcorn
Version 1.6.0 alpha2
Saltcorn
Version 1.6.0 alpha3
Saltcorn
Version 1.6.0 alpha4
Saltcorn
Version 1.6.0 alpha5
Saltcorn
Version 1.6.0 alpha6
Saltcorn
Version 1.6.0 alpha7
Saltcorn
Version 1.6.0 alpha8
Saltcorn
Version 1.6.0 alpha9
Saltcorn
Version 1.6.0 beta1
Saltcorn
Version 1.6.0 beta2
Saltcorn
Version 1.6.0 beta3

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (1)

Source: security-advisories@github.com
ExploitMitigationVendor Advisory

Timeline

No history available yet.