CVE-2026-45454 — Microsoft SharePoint Server Upload Page Folder Path Traversal to Remote Code Execution

1. Overview A path traversal vulnerability exists in the SharePoint Server file upload page (Upload.aspx). The UploadPage.CurrentFolder property resolves the upload destination from the user-supplied RootFolder query string parameter without validating that the resolved folder belongs to the document library specified by the List parameter. An authenticated attacker with upload permissions to one document library can craft a request that uploads files to a different, restricted document library on the same site — including the Master Page Gallery (_catalogs/masterpage). ...

June 10, 2026 · 11 min · Aretiq AI

CVE-2026-48827 — Apache MINA SSHD sshd-git Path Traversal Info Disclosure

1. Overview A path traversal vulnerability exists in the Apache MINA SSHD sshd-git module, which provides Git-over-SSH server functionality. The module fails to validate user-supplied repository paths for directory traversal sequences when handling git-upload-pack and git-receive-pack commands. An SSH-authenticated attacker can supply paths containing ../ to escape the configured Git root directory and access arbitrary Git repositories on the server filesystem, exfiltrating source code, configuration, and secrets. The vulnerability also permits unauthorized writes to repositories via git-receive-pack (push). Apache addressed this vulnerability in MINA SSHD 2.18.0 and 3.0.0-M4, released May 2026. ...

June 1, 2026 · 9 min · Aretiq AI

CVE-2026-48866 — WordPress Gravity Forms Plugin File Upload Path Traversal Arbitrary File Deletion

1. Overview A path traversal vulnerability exists in the Gravity Forms WordPress plugin’s file deletion mechanism. When processing entries that contain file upload fields, the plugin converts stored file URLs to filesystem paths using a simple string replacement without validating that the resulting path remains within the uploads directory. An unauthenticated attacker can submit a form with a crafted gform_uploaded_files parameter containing directory traversal sequences (../), which are stored in the entry database. When a privileged user subsequently deletes the entry or its attached files, the traversal sequences cause the plugin to delete arbitrary files on the server. Deleting critical files such as wp-config.php results in complete site unavailability. Rocketgenius addressed this vulnerability in Gravity Forms version 2.10.1. ...

June 1, 2026 · 12 min · Aretiq AI