CVE-2026-12198

🗓️ 15 Jun 2026 00:00:08Reported by VulDBType

CVE-2026-12198 in Microweber API Endpoint thumbnail_img allows remote path traversal via cache_path_relative.

Reporter	Title	Published	Views	Family All 4
Cvelist	CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal	15 Jun 202600:00	–	cvelist
EUVD	EUVD-2026-36674	15 Jun 202600:00	–	euvd
NVD	CVE-2026-12198	15 Jun 202600:16	–	nvd
Positive Technologies	PT-2026-49149	15 Jun 202600:00	–	ptsecurity

Vulners

Node

microweber microweberMatch2.0.0

microweber microweberMatch2.0.1

microweber microweberMatch2.0.2

microweber microweberMatch2.0.3

microweber microweberMatch2.0.4

microweber microweberMatch2.0.5

microweber microweberMatch2.0.6

microweber microweberMatch2.0.7

microweber microweberMatch2.0.8

microweber microweberMatch2.0.9

microweber microweberMatch2.0.10

microweber microweberMatch2.0.11

microweber microweberMatch2.0.12

microweber microweberMatch2.0.13

microweber microweberMatch2.0.14

microweber microweberMatch2.0.15

microweber microweberMatch2.0.16

microweber microweberMatch2.0.17

microweber microweberMatch2.0.18

microweber microweberMatch2.0.19

microweber microweberMatch2.0.20

[
  {
    "vendor": "n/a",
    "product": "Microweber",
    "versions": [
      {
        "version": "2.0.0",
        "status": "affected"
      },
      {
        "version": "2.0.1",
        "status": "affected"
      },
      {
        "version": "2.0.2",
        "status": "affected"
      },
      {
        "version": "2.0.3",
        "status": "affected"
      },
      {
        "version": "2.0.4",
        "status": "affected"
      },
      {
        "version": "2.0.5",
        "status": "affected"
      },
      {
        "version": "2.0.6",
        "status": "affected"
      },
      {
        "version": "2.0.7",
        "status": "affected"
      },
      {
        "version": "2.0.8",
        "status": "affected"
      },
      {
        "version": "2.0.9",
        "status": "affected"
      },
      {
        "version": "2.0.10",
        "status": "affected"
      },
      {
        "version": "2.0.11",
        "status": "affected"
      },
      {
        "version": "2.0.12",
        "status": "affected"
      },
      {
        "version": "2.0.13",
        "status": "affected"
      },
      {
        "version": "2.0.14",
        "status": "affected"
      },
      {
        "version": "2.0.15",
        "status": "affected"
      },
      {
        "version": "2.0.16",
        "status": "affected"
      },
      {
        "version": "2.0.17",
        "status": "affected"
      },
      {
        "version": "2.0.18",
        "status": "affected"
      },
      {
        "version": "2.0.19",
        "status": "affected"
      },
      {
        "version": "2.0.20",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "API Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/370841/cti
github	www.github.com/microweber/microweber/issues/1172
vuldb	www.vuldb.com/submit/829596
github	www.github.com/whuHouYF/microweber-vuldb-disclosure-2026/blob/991630c494a99c70a96e456992a04de2ecb5a1e1/reports/microweber-path-traversal.md
vuldb	www.vuldb.com/cve/CVE-2026-12198
github	www.github.com/microweber/microweber/
vuldb	www.vuldb.com/vuln/370841

15 Jun 2026 00:16Current

7.1High risk

Vulners AI Score7.1

CVSS 46.9

CVSS 3.17.3

CVSS 27.5

CVSS 37.3

CWE-22