Lucene search
K

4 matches found

NVD
NVD
added 2026/06/19 10:16 a.m.17 views

CVE-2026-56138

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS0.00341EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:3 a.m.6 views

CVE-2026-56138

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 8:3 a.m.32 views

CVE-2026-56138 Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files

AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed ...

5.3CVSS0.00341EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 8:3 a.m.53 views

CVE-2026-56138

CVE-2026-56138 affects the AIL framework. A path traversal vulnerability exists in the /objects/item/diff endpoint, where an authenticated user can supply item identifiers via the s1 and s2 query parameters. Before the fix, the service could read gzip-compressed files accessible to the AIL proces...

5.3CVSS5.8AI score0.00341EPSS
Exploits0References1
Rows per page
Query Builder