Critical severityNVD Advisory· Published Feb 19, 2026· Updated Apr 15, 2026

CVE-2026-2731

Description

Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

doc.dynamicweb.dev/documentation/fundamentals/dw10release/security-reports.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000