VYPR
High severity7.6NVD Advisory· Published May 12, 2026· Updated May 14, 2026

CVE-2026-45225

CVE-2026-45225

Description

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in the upload_file() handler to bypass path restrictions and write, read, or delete files outside the intended storage directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Heymrun/Heymreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <0.0.0.21

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.