Critical severityNVD Advisory· Published Feb 1, 2026· Updated Apr 15, 2026

CVE-2026-25069

Description

SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequences via the filename parameter to read and delete arbitrary files. Successful exploitation can disclose sensitive information and delete critical system files, resulting in data loss and potential system compromise or denial of service.

Affected products

Sunfounder/Pm Dashboardreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/chapochapo/5db8702ede862af5c59a28b5d5a0aba3nvd
github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.pynvd
github.com/sunfounder/pm_dashboard/blob/main/pm_dashboard/pm_dashboard.pynvd
www.vulncheck.com/advisories/sunfounder-pironman-dashboard-path-traversal-arbitrary-file-read-deletionnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000