CVE-2026-2692
CVE-2026-2692 affects CoCoTeaNet CyreneAdmin up to version 1.3.0. The vulnerability resides in the Image Handler’s /api/system/user/getAvatar endpoint, where manipulation of the Avatar argument enables path traversal. Attack can be performed remotely, and an exploit has been published. CVSS metri...