CVE-2026-8736 Oinone Pamirs RestController LocalFileClient.java request.getParameter path traversal

A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Performing a manipulation of the argument uniqueFileName results in path traversal. The attack may be...