CVE-2026-12198 Microweber API Endpoint thumbnail_img userfiles_path path traversal

🗓️ 15 Jun 2026 00:00:08Reported by VulDBType

CVE-2026-12198: Microweber up to 2.0.20 allows path traversal via thumbnail image userfiles path.

Reporter	Title	Published	Views	Family All 5
Circl	CVE-2026-12198	15 Jun 202604:07	–	circl
CVE	CVE-2026-12198	15 Jun 202600:00	–	cve
EUVD	EUVD-2026-36674	15 Jun 202600:00	–	euvd
NVD	CVE-2026-12198	15 Jun 202600:16	–	nvd
Positive Technologies	PT-2026-49149	15 Jun 202600:00	–	ptsecurity

[
  {
    "vendor": "n/a",
    "product": "Microweber",
    "versions": [
      {
        "version": "2.0.0",
        "status": "affected"
      },
      {
        "version": "2.0.1",
        "status": "affected"
      },
      {
        "version": "2.0.2",
        "status": "affected"
      },
      {
        "version": "2.0.3",
        "status": "affected"
      },
      {
        "version": "2.0.4",
        "status": "affected"
      },
      {
        "version": "2.0.5",
        "status": "affected"
      },
      {
        "version": "2.0.6",
        "status": "affected"
      },
      {
        "version": "2.0.7",
        "status": "affected"
      },
      {
        "version": "2.0.8",
        "status": "affected"
      },
      {
        "version": "2.0.9",
        "status": "affected"
      },
      {
        "version": "2.0.10",
        "status": "affected"
      },
      {
        "version": "2.0.11",
        "status": "affected"
      },
      {
        "version": "2.0.12",
        "status": "affected"
      },
      {
        "version": "2.0.13",
        "status": "affected"
      },
      {
        "version": "2.0.14",
        "status": "affected"
      },
      {
        "version": "2.0.15",
        "status": "affected"
      },
      {
        "version": "2.0.16",
        "status": "affected"
      },
      {
        "version": "2.0.17",
        "status": "affected"
      },
      {
        "version": "2.0.18",
        "status": "affected"
      },
      {
        "version": "2.0.19",
        "status": "affected"
      },
      {
        "version": "2.0.20",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "API Endpoint"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/370841/cti
github	www.github.com/microweber/microweber/issues/1172
vuldb	www.vuldb.com/submit/829596
github	www.github.com/whuHouYF/microweber-vuldb-disclosure-2026/blob/991630c494a99c70a96e456992a04de2ecb5a1e1/reports/microweber-path-traversal.md
vuldb	www.vuldb.com/cve/CVE-2026-12198
github	www.github.com/microweber/microweber/
vuldb	www.vuldb.com/vuln/370841

15 Jun 2026 00:00Current

CVSS 46.9

CVSS 3.17.3

CVSS 37.3

CVSS 27.5

CWE-22