CVE-2026-0805

high

Description

An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.

References

https://gitlab.com/crafty-controller/crafty-4/-/issues/650

Details

Source: Mitre, NVD

Published: 2026-01-30

Updated: 2026-02-26

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H